diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c551b35c..6228e304 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,39 +1,39 @@
-name: Release Charts
-
-on:
- push:
- branches:
- - main
- paths:
- - 'charts/**'
-
-jobs:
- release:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout Code
- uses: actions/checkout@v4
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
- - name: Install Helm
- uses: azure/setup-helm@v4
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- - name: Helm Lint
- run: |
- cd charts/service
- helm lint
- cd ../..
- cd charts/cron-job
- helm lint
- cd ../..
-
- - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.6.0
- env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- CR_GENERATE_RELEASE_NOTES: true
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'charts/**'
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Helm Lint
+ run: |
+ cd charts/service
+ helm lint
+ cd ../..
+ cd charts/cron-job
+ helm lint
+ cd ../..
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.6.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ CR_GENERATE_RELEASE_NOTES: true
diff --git a/.gitignore b/.gitignore
index f705e85d..1c269fa1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
-# Chart dependencies
-/charts/*/charts
-.idea
-.vscode
+# Chart dependencies
+/charts/*/charts
+.idea
+.vscode
 .DS_Store
\ No newline at end of file
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index 5a2e75f7..1873e9d5 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md 
@@ -1,128 +1,128 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, religion, or sexual identity
-and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our
-community include:
-
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
- and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the
- overall community
-
-Examples of unacceptable behavior include:
-
-* The use of sexualized language or imagery, and sexual attention or
- advances of any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email
- address, without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
- professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
-
-## Scope
-
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at
-zopdev.
-All complaints will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series
-of actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or
-permanent ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within
-the community.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
-
-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+ and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+ overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+ advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+ address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+zopdev.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
 https://www.contributor-covenant.org/translations.
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 76de9bea..151269a8 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,170 +1,170 @@
-# Contributing to Helm Charts
-
-## Welcome Contributors!
-
-We appreciate your interest in contributing to our Helm charts repository. Your contributions help improve these charts and benefit the entire community. This document provides guidelines and best practices to ensure that all contributions are consistent, high quality, and integrate seamlessly with the zop.dev ecosystem.
-
----
-
-## 1. How to Contribute
-
-### Getting Started
-- **Fork** the repository.
-- **Clone** your forked repository locally.
-- **Create a new branch** for your contribution (e.g., `feature/`, `fix/`, or `docs/`).
-- **Make your changes** and test them thoroughly.
-- **Submit a pull request (PR)** with a clear title and detailed description.
-
----
-
-## 2. Branching Strategy
-
-We use a simplified Git workflow:
-- The `main` branch is our primary branch for stable releases.
-- Create feature branches from `main`.
-- **Branch Naming Convention:**
- - `feature/`: For new features.
- - `fix/`: For bug fixes.
- - `docs/`: For documentation updates.
-
----
-
-## 3. Code and Chart Standards
-
-### Helm Chart Standards
-- **Official Best Practices:** Follow the official Helm best practices.
-- **Linting:** Ensure all charts pass `helm lint` without errors.
-- **Values File:**
- - Include a comprehensive `values.yaml` file with sensible defaults.
- - If any field is intended to be user-configurable, mark it in the accompanying `values.schema.json` with `"mutable": true`.
- - If a field is not meant to be edited, mark it in the accompanying `values.schema.json` with `"editDisabled": true`.
-- **Comments & Documentation:**
- - Add comments in YAML files to explain complex configurations.
- - Document any overrideable values in the chart’s README.
-- **YAML Formatting:**
- - Use 2-space indentation; do not use hard tabs.
- - Keep lines under 80 characters where possible.
- - Use snake_case for variable names.
-
-
----
-
-## 4. Chart Configuration Guidelines
-
-### Metadata Guidelines
-- **Required Annotation:** Every chart must include the following metadata annotation:
- ```yaml
- annotations:
- type: datasource # or "application"
- ```
-This annotation ensures that the chart is automatically reflected in the zop.dev Applications and Datasources section.
-
-
-### For Application Charts (using the **service** chart)
-- **Bundled Configurations:**
- The service chart bundles configurations for:
- - Horizontal Pod Autoscaling (HPA)
- - Deployments
- - Alerts and Grafana configurations
- - Ingress settings
- - Pod-distribution budgets
- - Persistent Volume Claims (PVCs)
- - Service Monitors (refer to the `service-monitor.yaml` template)
- - Alerts (refer to the `alerts.yaml` template)
-- **Credential Management:**
- Application-specific credentials (ID and password) are automatically managed via templated files (e.g., `-login.yaml`). Users do not need to provide these values manually.
-
-### For Datasource Charts
-- **Minimal Configuration:**
- Datasource charts are optimized to require only the essential inputs, minimizing the configuration overhead for users.
-
----
-
-## 5. Testing Requirements
-
-### Before Submitting a Pull Request
-- **Lint Your Chart:**
- Run `helm lint` on your chart to catch any issues.
-- **Dry Run Installation:**
- Test chart installation with:
- ```bash
- helm install --dry-run --debug mychart ./path/to/your/chart
- ```
-- **Functionality Testing:**
- Ensure that all default configurations work as expected.
-- **Uninstallation Testing:**
- Verify that the chart can be uninstalled cleanly without errors.
-
----
-
-## 6. Submitting Changes
-
-### Pull Request Guidelines
-- **Title & Description:**
- Use a clear and descriptive title. Provide a detailed description of your changes, including:
- - The problem your changes address.
- - Any new features or bug fixes.
- - References to any related GitHub issues.
-- **Checklist:**
- Ensure your PR meets the following:
- - [ ] Code and chart conform to Helm best practices.
- - [ ] `helm lint` passes without errors.
- - [ ] All changes are properly documented.
- - [ ] Tests have been added/updated as necessary.
-
-### Pull Request Template Example
-```markdown
-## Description
-[Provide a detailed description of your changes]
-
-## Type of Change
-- [ ] Bug fix
-- [ ] New feature
-- [ ] Documentation update
-- [ ] Chart configuration update
-
-## Checklist
-- [ ] I have performed a self-review of my code
-- [ ] I have added tests proving my fix/feature
-- [ ] My changes generate no new warnings
-- [ ] I have updated documentation accordingly
-```
-
----
-
-## 7. Issue Tracking
-
-### Reporting Issues
-- **Use GitHub Issues:**
- Open a new issue for any bugs or feature requests.
-- **Provide Details:**
- Include a detailed description, steps to reproduce, and expected versus actual behavior.
-- **Labels:**
- Use appropriate labels to help us prioritize and address the issues.
-
----
-
-## 8. Important Contribution Policies
-
-- **Timely Reviews:**
- No PR should remain open for more than 2 weeks without feedback.
-- **Avoid WIP or Draft PRs:**
- Submit PRs only when your work is ready for review.
-- **Respectful Communication:**
- Follow our Code of Conduct. Provide constructive feedback and collaborate positively.
-
----
-
-## 9. Getting Help
-
-If you need assistance:
-- **Consult Documentation:** Review the existing documentation in the repository.
-- **Open an Issue:** If you have questions, open an issue for discussion.
-- **Community Discussions:** Join our community channels for real-time help and support.
-
----
-
-## Thank You!
-
-Your contributions are vital to the success and growth of our Helm charts repository. Thank you for taking the time to improve our charts and for being part of the zop.dev community!
+# Contributing to Helm Charts
+
+## Welcome Contributors!
+
+We appreciate your interest in contributing to our Helm charts repository. Your contributions help improve these charts and benefit the entire community. This document provides guidelines and best practices to ensure that all contributions are consistent, high quality, and integrate seamlessly with the zop.dev ecosystem.
+
+---
+
+## 1. How to Contribute
+
+### Getting Started
+- **Fork** the repository.
+- **Clone** your forked repository locally.
+- **Create a new branch** for your contribution (e.g., `feature/`, `fix/`, or `docs/`).
+- **Make your changes** and test them thoroughly.
+- **Submit a pull request (PR)** with a clear title and detailed description.
+
+---
+
+## 2. Branching Strategy
+
+We use a simplified Git workflow:
+- The `main` branch is our primary branch for stable releases.
+- Create feature branches from `main`.
+- **Branch Naming Convention:**
+ - `feature/`: For new features.
+ - `fix/`: For bug fixes.
+ - `docs/`: For documentation updates.
+
+---
+
+## 3. Code and Chart Standards
+
+### Helm Chart Standards
+- **Official Best Practices:** Follow the official Helm best practices.
+- **Linting:** Ensure all charts pass `helm lint` without errors.
+- **Values File:**
+ - Include a comprehensive `values.yaml` file with sensible defaults.
+ - If any field is intended to be user-configurable, mark it in the accompanying `values.schema.json` with `"mutable": true`.
+ - If a field is not meant to be edited, mark it in the accompanying `values.schema.json` with `"editDisabled": true`.
+- **Comments & Documentation:**
+ - Add comments in YAML files to explain complex configurations.
+ - Document any overrideable values in the chart’s README.
+- **YAML Formatting:**
+ - Use 2-space indentation; do not use hard tabs.
+ - Keep lines under 80 characters where possible.
+ - Use snake_case for variable names.
+
+
+---
+
+## 4. Chart Configuration Guidelines
+
+### Metadata Guidelines
+- **Required Annotation:** Every chart must include the following metadata annotation:
+ ```yaml
+ annotations:
+ type: datasource # or "application"
+ ```
+This annotation ensures that the chart is automatically reflected in the zop.dev Applications and Datasources section.
+
+
+### For Application Charts (using the **service** chart)
+- **Bundled Configurations:**
+ The service chart bundles configurations for:
+ - Horizontal Pod Autoscaling (HPA)
+ - Deployments
+ - Alerts and Grafana configurations
+ - Ingress settings
+ - Pod-distribution budgets
+ - Persistent Volume Claims (PVCs)
+ - Service Monitors (refer to the `service-monitor.yaml` template)
+ - Alerts (refer to the `alerts.yaml` template)
+- **Credential Management:**
+ Application-specific credentials (ID and password) are automatically managed via templated files (e.g., `-login.yaml`). Users do not need to provide these values manually.
+
+### For Datasource Charts
+- **Minimal Configuration:**
+ Datasource charts are optimized to require only the essential inputs, minimizing the configuration overhead for users.
+
+---
+
+## 5. Testing Requirements
+
+### Before Submitting a Pull Request
+- **Lint Your Chart:**
+ Run `helm lint` on your chart to catch any issues.
+- **Dry Run Installation:**
+ Test chart installation with:
+ ```bash
+ helm install --dry-run --debug mychart ./path/to/your/chart
+ ```
+- **Functionality Testing:**
+ Ensure that all default configurations work as expected.
+- **Uninstallation Testing:**
+ Verify that the chart can be uninstalled cleanly without errors.
+
+---
+
+## 6. Submitting Changes
+
+### Pull Request Guidelines
+- **Title & Description:**
+ Use a clear and descriptive title. Provide a detailed description of your changes, including:
+ - The problem your changes address.
+ - Any new features or bug fixes.
+ - References to any related GitHub issues.
+- **Checklist:**
+ Ensure your PR meets the following:
+ - [ ] Code and chart conform to Helm best practices.
+ - [ ] `helm lint` passes without errors.
+ - [ ] All changes are properly documented.
+ - [ ] Tests have been added/updated as necessary.
+
+### Pull Request Template Example
+```markdown
+## Description
+[Provide a detailed description of your changes]
+
+## Type of Change
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Documentation update
+- [ ] Chart configuration update
+
+## Checklist
+- [ ] I have performed a self-review of my code
+- [ ] I have added tests proving my fix/feature
+- [ ] My changes generate no new warnings
+- [ ] I have updated documentation accordingly
+```
+
+---
+
+## 7. Issue Tracking
+
+### Reporting Issues
+- **Use GitHub Issues:**
+ Open a new issue for any bugs or feature requests.
+- **Provide Details:**
+ Include a detailed description, steps to reproduce, and expected versus actual behavior.
+- **Labels:**
+ Use appropriate labels to help us prioritize and address the issues.
+
+---
+
+## 8. Important Contribution Policies
+
+- **Timely Reviews:**
+ No PR should remain open for more than 2 weeks without feedback.
+- **Avoid WIP or Draft PRs:**
+ Submit PRs only when your work is ready for review.
+- **Respectful Communication:**
+ Follow our Code of Conduct. Provide constructive feedback and collaborate positively.
+
+---
+
+## 9. Getting Help
+
+If you need assistance:
+- **Consult Documentation:** Review the existing documentation in the repository.
+- **Open an Issue:** If you have questions, open an issue for discussion.
+- **Community Discussions:** Join our community channels for real-time help and support.
+
+---
+
+## Thank You!
+
+Your contributions are vital to the success and growth of our Helm charts repository. Thank you for taking the time to improve our charts and for being part of the zop.dev community!
 ```
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
index 261eeb9e..29f81d81 100644
--- a/LICENSE
+++ b/LICENSE 
@@ -1,201 +1,201 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. 
For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index 48bebefd..53999266 100644 --- a/README.md +++ b/README.md @@ -1,152 +1,152 @@ -

- zop.dev Logo -

- -

Helm Charts : An Extensive Collection of Helm Charts for Datastores & Applications

- -

- - Apache 2.0 License - - - Contributing - -

- -## 🎯 **Goal** - -The zop.dev Helm Charts repository is designed to **simplify the deployment and management** of popular datastores and applications on Kubernetes. With pre-configured charts that work out-of-the-box and allow for explicit overrides, our goal is to streamline operations and integrate seamlessly with the zop.dev ecosystem. - ---- - -## πŸ’‘ **Key Features** - -1. **Zero Configuration Required:** - Charts deploy with default valuesβ€”no manual configuration is needed to get started. -2. **Explicit Override Options:** - Users can override selected parameters through a dedicated `values.yaml` with a corresponding `values.schema.json` that marks user-modifiable fields with `"mutable": true`. -3. **Automatic Integration:** - Every chart includes a required metadata annotation (`type: datasource` or `type: application`), ensuring automatic reflection in the zop.dev Applications and Datasources section. -4. **Scalability & Flexibility:** - Designed to adapt to various production workloads with ease. - ---- - -## πŸš€ **Getting Started** - -### **Prerequisites** -- **Helm:** Ensure [Helm](https://helm.sh/docs/intro/install/) is installed. -- **Kubernetes:** Access to a running Kubernetes cluster. 
- -### **Installation** - -To add the zop.dev repository and install a chart, run: - -```bash -helm repo add zop https://helm.zop.dev -helm install zop/ -``` - ---- - -### **Examples** - -### **Deploying an Application Chart:** - - ```bash - helm repo add zop https://helm.zop.dev - helm install my-app zop/service - ``` - -### **Overriding Values:** - - To customize certain values that are marked mutable, provide a custom `values.yaml`: - - ```bash - helm install my-app zop/service -f values.yaml - ``` - -### **Upgrading & Uninstalling:** - - Upgrade an existing release: - - ```bash - helm upgrade my-app zop/service --set ingress.enabled=true - ``` - -### Uninstall a release: - - ```bash - helm uninstall my-app - ``` - -### Verify your deployments: - - ```bash - helm list - ``` - ---- - - -## πŸ“‚ **Available Charts** - -Below is a list of available charts along with their links: - -1. **DATASOURCES** - -| **Name** | **Link** | **Metrics** | -|----------------------|------------------------------------------------------------------------|-------------| -| **MySQL** | [helm.zop.dev/mysql](https://helm.zop.dev/mysql) | βœ… | -| **PostgreSQL** | [helm.zop.dev/postgres](https://helm.zop.dev/postgres) | βœ… | -| **MariaDB** | [helm.zop.dev/mariadb](https://helm.zop.dev/mariadb) | βœ… | -| **Redis** | [helm.zop.dev/redis](https://helm.zop.dev/redis) | βœ… | -| **SurrealDB** | [helm.zop.dev/surrealdb](https://helm.zop.dev/surrealdb) | | -| **Dgraph** | [helm.zop.dev/dgraph](https://helm.zop.dev/dgraph) | | -| **Solr** | [helm.zop.dev/solr](https://helm.zop.dev/solr) | βœ… | -| **OpenTSDB** | [helm.zop.dev/opentsdb](https://helm.zop.dev/opentsdb) | | -| **ChromaDB** | [helm.zop.dev/chromadb](https://helm.zop.dev/chromadb) | | -| **Cassandra** | [helm.zop.dev/cassandra](https://helm.zop.dev/cassandra) | | -| **CockroachDB** | [helm.zop.dev/cockroachdb](https://helm.zop.dev/cockroachdb) | | -| **Kafka** | [helm.zop.dev/kafka](https://helm.zop.dev/kafka) | βœ… | -| 
**RedisDistributed** | [helm.zop.dev/redisdistributed](https://helm.zop.dev/redisdistributed) | βœ… | -| **SolrCloud** | [helm.zop.dev/solrcloud](https://helm.zop.dev/solrcloud) | | - - -2. **APPLICATIONS** - -| **Name** | **Link** | -|----------------|------------------------------------------------------------| -| **JupyterHub** | [helm.zop.dev/jupyterhub](https://helm.zop.dev/jupyterhub) | -| **Outline** | [helm.zop.dev/outline](https://helm.zop.dev/outline) | -| **Superset** | [helm.zop.dev/superset](https://helm.zop.dev/superset) | -| **WordPress** | [helm.zop.dev/wordpress](https://helm.zop.dev/wordpress) | - - -3. **OTHERS** - -| **Name** | **Link** | **Metrics** | -|--------------|--------------------------------------------------------|-------------| -| **Cron-Job** | [helm.zop.dev/cron-job](https://helm.zop.dev/cron-job) | βœ… | -| **Service** | [helm.zop.dev/service](https://helm.zop.dev/service) | βœ… | - - -πŸ“Š **Metrics Export** - All charts that support metrics expose them on port 2121 by default. - ---- - -## πŸ‘ **Contribute** - -We welcome contributions to improve and expand our Helm charts. To contribute please refer to the [CONTRIBUTING.md](./CONTRIBUTING.md) file. - ---- - -## πŸ”’ **License** - -This project is licensed under the [Apache 2.0 License](./LICENSE). - ---- - -## πŸ“£ **Stay Connected** - +

+ zop.dev Logo +

+ +

Helm Charts : An Extensive Collection of Helm Charts for Datastores & Applications

+ +

+ + Apache 2.0 License + + + Contributing + +

+ +## 🎯 **Goal** + +The zop.dev Helm Charts repository is designed to **simplify the deployment and management** of popular datastores and applications on Kubernetes. With pre-configured charts that work out-of-the-box and allow for explicit overrides, our goal is to streamline operations and integrate seamlessly with the zop.dev ecosystem. + +--- + +## πŸ’‘ **Key Features** + +1. **Zero Configuration Required:** + Charts deploy with default valuesβ€”no manual configuration is needed to get started. +2. **Explicit Override Options:** + Users can override selected parameters through a dedicated `values.yaml` with a corresponding `values.schema.json` that marks user-modifiable fields with `"mutable": true`. +3. **Automatic Integration:** + Every chart includes a required metadata annotation (`type: datasource` or `type: application`), ensuring automatic reflection in the zop.dev Applications and Datasources section. +4. **Scalability & Flexibility:** + Designed to adapt to various production workloads with ease. + +--- + +## πŸš€ **Getting Started** + +### **Prerequisites** +- **Helm:** Ensure [Helm](https://helm.sh/docs/intro/install/) is installed. +- **Kubernetes:** Access to a running Kubernetes cluster. 
+ +### **Installation** + +To add the zop.dev repository and install a chart, run: + +```bash +helm repo add zop https://helm.zop.dev +helm install zop/ +``` + +--- + +### **Examples** + +### **Deploying an Application Chart:** + + ```bash + helm repo add zop https://helm.zop.dev + helm install my-app zop/service + ``` + +### **Overriding Values:** + + To customize certain values that are marked mutable, provide a custom `values.yaml`: + + ```bash + helm install my-app zop/service -f values.yaml + ``` + +### **Upgrading & Uninstalling:** + + Upgrade an existing release: + + ```bash + helm upgrade my-app zop/service --set ingress.enabled=true + ``` + +### Uninstall a release: + + ```bash + helm uninstall my-app + ``` + +### Verify your deployments: + + ```bash + helm list + ``` + +--- + + +## πŸ“‚ **Available Charts** + +Below is a list of available charts along with their links: + +1. **DATASOURCES** + +| **Name** | **Link** | **Metrics** | +|----------------------|------------------------------------------------------------------------|-------------| +| **MySQL** | [helm.zop.dev/mysql](https://helm.zop.dev/mysql) | βœ… | +| **PostgreSQL** | [helm.zop.dev/postgres](https://helm.zop.dev/postgres) | βœ… | +| **MariaDB** | [helm.zop.dev/mariadb](https://helm.zop.dev/mariadb) | βœ… | +| **Redis** | [helm.zop.dev/redis](https://helm.zop.dev/redis) | βœ… | +| **SurrealDB** | [helm.zop.dev/surrealdb](https://helm.zop.dev/surrealdb) | | +| **Dgraph** | [helm.zop.dev/dgraph](https://helm.zop.dev/dgraph) | | +| **Solr** | [helm.zop.dev/solr](https://helm.zop.dev/solr) | βœ… | +| **OpenTSDB** | [helm.zop.dev/opentsdb](https://helm.zop.dev/opentsdb) | | +| **ChromaDB** | [helm.zop.dev/chromadb](https://helm.zop.dev/chromadb) | | +| **Cassandra** | [helm.zop.dev/cassandra](https://helm.zop.dev/cassandra) | | +| **CockroachDB** | [helm.zop.dev/cockroachdb](https://helm.zop.dev/cockroachdb) | | +| **Kafka** | [helm.zop.dev/kafka](https://helm.zop.dev/kafka) | βœ… | +| 
**RedisDistributed** | [helm.zop.dev/redisdistributed](https://helm.zop.dev/redisdistributed) | βœ… | +| **SolrCloud** | [helm.zop.dev/solrcloud](https://helm.zop.dev/solrcloud) | | + + +2. **APPLICATIONS** + +| **Name** | **Link** | +|----------------|------------------------------------------------------------| +| **JupyterHub** | [helm.zop.dev/jupyterhub](https://helm.zop.dev/jupyterhub) | +| **Outline** | [helm.zop.dev/outline](https://helm.zop.dev/outline) | +| **Superset** | [helm.zop.dev/superset](https://helm.zop.dev/superset) | +| **WordPress** | [helm.zop.dev/wordpress](https://helm.zop.dev/wordpress) | + + +3. **OTHERS** + +| **Name** | **Link** | **Metrics** | +|--------------|--------------------------------------------------------|-------------| +| **Cron-Job** | [helm.zop.dev/cron-job](https://helm.zop.dev/cron-job) | βœ… | +| **Service** | [helm.zop.dev/service](https://helm.zop.dev/service) | βœ… | + + +πŸ“Š **Metrics Export** - All charts that support metrics expose them on port 2121 by default. + +--- + +## πŸ‘ **Contribute** + +We welcome contributions to improve and expand our Helm charts. To contribute please refer to the [CONTRIBUTING.md](./CONTRIBUTING.md) file. + +--- + +## πŸ”’ **License** + +This project is licensed under the [Apache 2.0 License](./LICENSE). + +--- + +## πŸ“£ **Stay Connected** + For updates and support, visit the [zop.dev website](https://helm.zop.dev) or join our community discussions. \ No newline at end of file diff --git a/charts/cassandra/Chart.yaml b/charts/cassandra/Chart.yaml index 68e9ce23..7ea3a01f 100644 --- a/charts/cassandra/Chart.yaml +++ b/charts/cassandra/Chart.yaml 
@@ -1,11 +1,11 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Helm chart for deploying cassandra
-name: cassandra
-version: 0.0.5
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png"
-maintainers:
- - name: ZopDev
- url: zop.dev
-annotations:
+apiVersion: v1
+appVersion: "1.0"
+description: Helm chart for deploying cassandra
+name: cassandra
+version: 0.0.5
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png"
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+annotations:
 type: datasource
\ No newline at end of file
diff --git a/charts/cassandra/README.md b/charts/cassandra/README.md
index 1b9f781a..9ee1e808 100644
--- a/charts/cassandra/README.md
+++ b/charts/cassandra/README.md
@@ -1,127 +1,127 @@ -# Cassandra Helm Chart - -The Cassandra Helm chart provides an easy way to deploy Apache Cassandra, a highly scalable and distributed NoSQL database. This chart allows you to manage Cassandra instances on Kubernetes with customizable resource allocation, persistence, and scaling options. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -Before deploying the Cassandra chart, add the Helm repository to your local setup: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To install the Cassandra Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/cassandra -``` - -Replace `[RELEASE_NAME]` with your desired release name. For example: - -```bash -helm install my-cassandra zopdev/cassandra -``` - -To customize configurations, provide a `values.yaml` file or override values via the command line. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. - ---- - -## Uninstall Helm Chart - -To remove the Cassandra deployment and all associated Kubernetes resources, use the following command: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-cassandra -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. - ---- - -## Configuration - -The Cassandra Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|-----------------------------|----------|---------------------------------------------------------------|----------------------------------------| -| `image` | `string` | Docker image and tag for the Cassandra container. 
| "bitnami/cassandra:5.0.2-debian-12-r3" | -| `resources.requests.memory` | `string` | Minimum memory resources required by the Cassandra container. | `"2000Mi"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Cassandra container. | `"500m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the Cassandra container can use. | `"4000Mi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the Cassandra container can use. | `"1000m"` | - -You can override these values in a `values.yaml` file or via the command line during installation. - ---- - -### Example `values.yaml` File - -```yaml -resources: - requests: - memory: "2000Mi" - cpu: "500m" - limits: - memory: "4000Mi" - cpu: "1000m" - -diskSize: 10Gi -``` - -To use this configuration, save it to a `values.yaml` file and apply it during installation: - -```bash -helm install my-cassandra zopdev/cassandra -f values.yaml -``` - ---- - -## Features - -- **Scalable Architecture:** Configure resources and scaling options to optimize performance for distributed database workloads. -- **Persistent Storage:** Keep Cassandra data intact across pod restarts with configurable persistent volumes. -- **Customizable Resource Allocation:** Tailor CPU and memory resources to match workload requirements. -- **Multi-Database Support:** Configure multiple database services through the services configuration. -- **Easy Deployment:** Simplified Helm chart for rapid deployment of Cassandra in Kubernetes environments. - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). 
- ---- - -## License - +# Cassandra Helm Chart + +The Cassandra Helm chart provides an easy way to deploy Apache Cassandra, a highly scalable and distributed NoSQL database. This chart allows you to manage Cassandra instances on Kubernetes with customizable resource allocation, persistence, and scaling options. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +Before deploying the Cassandra chart, add the Helm repository to your local setup: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To install the Cassandra Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/cassandra +``` + +Replace `[RELEASE_NAME]` with your desired release name. For example: + +```bash +helm install my-cassandra zopdev/cassandra +``` + +To customize configurations, provide a `values.yaml` file or override values via the command line. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. + +--- + +## Uninstall Helm Chart + +To remove the Cassandra deployment and all associated Kubernetes resources, use the following command: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-cassandra +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. + +--- + +## Configuration + +The Cassandra Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|-----------------------------|----------|---------------------------------------------------------------|----------------------------------------| +| `image` | `string` | Docker image and tag for the Cassandra container. 
| "bitnami/cassandra:5.0.2-debian-12-r3" | +| `resources.requests.memory` | `string` | Minimum memory resources required by the Cassandra container. | `"2000Mi"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Cassandra container. | `"500m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the Cassandra container can use. | `"4000Mi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the Cassandra container can use. | `"1000m"` | + +You can override these values in a `values.yaml` file or via the command line during installation. + +--- + +### Example `values.yaml` File + +```yaml +resources: + requests: + memory: "2000Mi" + cpu: "500m" + limits: + memory: "4000Mi" + cpu: "1000m" + +diskSize: 10Gi +``` + +To use this configuration, save it to a `values.yaml` file and apply it during installation: + +```bash +helm install my-cassandra zopdev/cassandra -f values.yaml +``` + +--- + +## Features + +- **Scalable Architecture:** Configure resources and scaling options to optimize performance for distributed database workloads. +- **Persistent Storage:** Keep Cassandra data intact across pod restarts with configurable persistent volumes. +- **Customizable Resource Allocation:** Tailor CPU and memory resources to match workload requirements. +- **Multi-Database Support:** Configure multiple database services through the services configuration. +- **Easy Deployment:** Simplified Helm chart for rapid deployment of Cassandra in Kubernetes environments. + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. 
\ No newline at end of file
diff --git a/charts/cassandra/templates/database-pod.yaml b/charts/cassandra/templates/database-pod.yaml
index 10274c4a..af5ef3be 100644
--- a/charts/cassandra/templates/database-pod.yaml
+++ b/charts/cassandra/templates/database-pod.yaml
@@ -1,32 +1,32 @@
-{{- range $index, $service := .Values.services }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ $.Release.Name }}-{{ $service.name }}-cassandra-init
- namespace: {{ $.Release.Namespace }}
-spec:
- containers:
- - name: cassandra-init
- image: "bitnami/cassandra:5.0.2-debian-12-r3"
- command:
- - sh
- - -c
- - |
- echo "Initializing Cassandra Pod...";
- cqlsh {{ $.Release.Name }}-cassandra -u superuser -p $POD_PASSWORD -e "SOURCE '/etc/config/init-schema.cql';"
- env:
- - name: POD_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $.Release.Name }}-cassandra-database-secret
- key: root-password
- volumeMounts:
- - name: script-volume
- mountPath: /etc/config
- volumes:
- - name: script-volume
- configMap:
- name: {{ $.Release.Name }}-{{ $service.name }}-init-script
- restartPolicy: OnFailure
----
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ $.Release.Name }}-{{ $service.name }}-cassandra-init
+ namespace: {{ $.Release.Namespace }}
+spec:
+ containers:
+ - name: cassandra-init
+ image: "bitnami/cassandra:5.0.2-debian-12-r3"
+ command:
+ - sh
+ - -c
+ - |
+ echo "Initializing Cassandra Pod...";
+ cqlsh {{ $.Release.Name }}-cassandra -u superuser -p $POD_PASSWORD -e "SOURCE '/etc/config/init-schema.cql';"
+ env:
+ - name: POD_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-cassandra-database-secret
+ key: root-password
+ volumeMounts:
+ - name: script-volume
+ mountPath: /etc/config
+ volumes:
+ - name: script-volume
+ configMap:
+ name: {{ $.Release.Name }}-{{ $service.name }}-init-script
+ restartPolicy: OnFailure
+---
 {{- end}}
\ No newline at end of file
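Review bot: The `cqlsh` line in the `cassandra-init` container passes the superuser password as an unquoted command-line argument (`-p $POD_PASSWORD`), so `sh -c` word-splits or glob-expands a password containing whitespace or shell metacharacters, and the expanded value stays in the process arguments while the command runs. At minimum quote it: `cqlsh {{ $.Release.Name }}-cassandra -u superuser -p "$POD_PASSWORD" -e "SOURCE '/etc/config/init-schema.cql';"`. Preferably have cqlsh read the credentials from a file mounted from the Secret instead of argv; which option to use depends on the cqlsh version bundled in the image, so that needs checking. The image is also hard-coded by tag here, so reusing the `image` value documented in the chart README, ideally pinned by digest, would keep the init pod and the database on the same build.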
diff --git a/charts/cassandra/templates/init-script-config-map.yaml b/charts/cassandra/templates/init-script-config-map.yaml
index a8666c72..a7d9f394 100644
--- a/charts/cassandra/templates/init-script-config-map.yaml
+++ b/charts/cassandra/templates/init-script-config-map.yaml
@@ -1,66 +1,66 @@ -{{- range $index, $service := .Values.services }} -{{- $maxLen := 27 }} -{{- $randomSuffix := randAlphaNum 4 | lower }} -{{- $trimmedName := trunc $maxLen $service.name }} -{{- $generatedUsername := printf "%s-%s" $trimmedName $randomSuffix }} -{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} - -{{/* Define Secret Name */}} -{{- $secretName := printf "%s-%s-%s-cassandra-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }} - -{{/* Retrieve existing secret (if any) */}} -{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }} - -{{/* Use existing values if available, otherwise generate new ones */}} -{{- $username := $generatedUsername }} -{{- $password := $generatedPassword }} - -{{- if $existingSecret }} - {{- with $existingSecret.data }} - {{- if hasKey . "CASSANDRA_USERNAME" }} - {{- $username = index . "CASSANDRA_USERNAME" | b64dec }} - {{- end }} - {{- if hasKey . "CASSANDRA_PASSWORD" }} - {{- $password = index . 
"CASSANDRA_PASSWORD" | b64dec }} - {{- end }} - {{- end }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name }}-cassandra-configmap - namespace: {{ $.Release.Namespace }} -data: - CASSANDRA_HOST: {{ $.Release.Name }}-cassandra - CASSANDRA_KEYSPACE: "{{ $service.database }}" - CASSANDRA_PORT: "9042" ---- -{{/* Create Secret for Cassandra credentials */}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: - CASSANDRA_USERNAME: {{ $username | b64enc }} - CASSANDRA_PASSWORD: {{ $password | b64enc }} ---- -{{/* Create ConfigMap for initialization script */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-{{ $service.name }}-init-script - namespace: {{ $.Release.Namespace }} -data: - init-schema.cql: | - CREATE KEYSPACE IF NOT EXISTS "{{ $service.database }}" - WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1}; - - USE "{{ $service.database }}"; - {{- if not $existingSecret }} - CREATE ROLE IF NOT EXISTS "{{ $username }}" WITH PASSWORD = '{{ $password }}' AND LOGIN = true; - GRANT ALL PERMISSIONS ON KEYSPACE "{{ $service.database }}" TO "{{ $username }}"; - {{- end }} +{{- range $index, $service := .Values.services }} +{{- $maxLen := 27 }} +{{- $randomSuffix := randAlphaNum 4 | lower }} +{{- $trimmedName := trunc $maxLen $service.name }} +{{- $generatedUsername := printf "%s-%s" $trimmedName $randomSuffix }} +{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} + +{{/* Define Secret Name */}} +{{- $secretName := printf "%s-%s-%s-cassandra-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }} + +{{/* Retrieve existing secret (if any) */}} +{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }} + +{{/* Use existing values if available, otherwise generate new ones */}} +{{- 
$username := $generatedUsername }} +{{- $password := $generatedPassword }} + +{{- if $existingSecret }} + {{- with $existingSecret.data }} + {{- if hasKey . "CASSANDRA_USERNAME" }} + {{- $username = index . "CASSANDRA_USERNAME" | b64dec }} + {{- end }} + {{- if hasKey . "CASSANDRA_PASSWORD" }} + {{- $password = index . "CASSANDRA_PASSWORD" | b64dec }} + {{- end }} + {{- end }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name }}-cassandra-configmap + namespace: {{ $.Release.Namespace }} +data: + CASSANDRA_HOST: {{ $.Release.Name }}-cassandra + CASSANDRA_KEYSPACE: "{{ $service.database }}" + CASSANDRA_PORT: "9042" +--- +{{/* Create Secret for Cassandra credentials */}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ $.Release.Namespace }} +type: Opaque +data: + CASSANDRA_USERNAME: {{ $username | b64enc }} + CASSANDRA_PASSWORD: {{ $password | b64enc }} +--- +{{/* Create ConfigMap for initialization script */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-{{ $service.name }}-init-script + namespace: {{ $.Release.Namespace }} +data: + init-schema.cql: | + CREATE KEYSPACE IF NOT EXISTS "{{ $service.database }}" + WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1}; + + USE "{{ $service.database }}"; + {{- if not $existingSecret }} + CREATE ROLE IF NOT EXISTS "{{ $username }}" WITH PASSWORD = '{{ $password }}' AND LOGIN = true; + GRANT ALL PERMISSIONS ON KEYSPACE "{{ $service.database }}" TO "{{ $username }}"; + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/cassandra/templates/secret.yaml b/charts/cassandra/templates/secret.yaml index c87d7065..36f7e651 100644 --- a/charts/cassandra/templates/secret.yaml +++ b/charts/cassandra/templates/secret.yaml 
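Review bot: In init-script-config-map.yaml the last document writes the role password in clear text into a ConfigMap: `init-schema.cql` contains `WITH PASSWORD = '{{ $password }}'`, so anyone who can read ConfigMaps in the namespace obtains the credential that the Secret two documents earlier is meant to protect. Render the script as `kind: Secret` with `stringData:` in place of `data:`, and mount it in database-pod.yaml through a `secret:` volume instead of `configMap:`. `$service.database` and `$username` are also interpolated into CQL unescaped, so a values entry containing a double quote changes the statement; a `pattern` on `name` and `database` in values.schema.json would close that. The fixed-shape 12-character `$generatedPassword` is weak for a database login, and `randAlphaNum 32` is a drop-in replacement.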
@@ -1,20 +1,20 @@ -{{- $secretName := printf "%s-cassandra-database-secret" .Release.Name }} - -{{/* Generate a strong root password only if not already set */}} -{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} - -{{- $rootPassword := $generatedRootPassword }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - {{- if .Release.IsInstall }} - root-password: {{ $rootPassword | b64enc }} - {{ else }} - root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "root-password" }} +{{- $secretName := printf "%s-cassandra-database-secret" .Release.Name }} + +{{/* Generate a strong root password only if not already set */}} +{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} + +{{- $rootPassword := $generatedRootPassword }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + {{- if .Release.IsInstall }} + root-password: {{ $rootPassword | b64enc }} + {{ else }} + root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "root-password" }} {{ end }} \ No newline at end of file diff --git a/charts/cassandra/templates/service.yaml b/charts/cassandra/templates/service.yaml index 2f4b8ea9..6b501bda 100644 --- a/charts/cassandra/templates/service.yaml +++ b/charts/cassandra/templates/service.yaml 
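Review bot: In secret.yaml the `else` branch dereferences `(lookup "v1" "Secret" ...).data` with no guard, and `lookup` returns an empty result when Helm renders without cluster access (`helm template`, client-side dry run) or when the Secret no longer exists, so the render fails on `index`. Look the Secret up once and branch on the result: `{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}` followed by `root-password: {{ if $existing }}{{ index $existing.data "root-password" }}{{ else }}{{ $rootPassword | b64enc }}{{ end }}`. The fallback is only correct for a first install or offline rendering, since a regenerated value will not match a password already set in the database. The comment calls the value strong, but it is 4 letters, 4 digits and 4 uppercase letters in a fixed order for the `superuser` account; `randAlphaNum 32` would fit the comment better.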
@@ -1,14 +1,14 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-cassandra - labels: - app: {{ .Release.Name }}-cassandra -spec: - type: ClusterIP - clusterIP: None - ports: - - port: 9042 - targetPort: 9042 - selector: +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-cassandra + labels: + app: {{ .Release.Name }}-cassandra +spec: + type: ClusterIP + clusterIP: None + ports: + - port: 9042 + targetPort: 9042 + selector: app: {{ .Release.Name }}-cassandra \ No newline at end of file diff --git a/charts/cassandra/templates/statefulset.yaml b/charts/cassandra/templates/statefulset.yaml index eeadefc3..c1e449c0 100644 --- a/charts/cassandra/templates/statefulset.yaml +++ b/charts/cassandra/templates/statefulset.yaml 
@@ -1,125 +1,125 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ .Release.Name }}-cassandra - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-cassandra -spec: - replicas: 1 - serviceName: {{ .Release.Name }}-cassandra - selector: - matchLabels: - app: {{ .Release.Name }}-cassandra - template: - metadata: - labels: - app: {{ .Release.Name }}-cassandra - spec: - containers: - - name: cassandra - image: "bitnami/cassandra:5.0.2-debian-12-r3" - imagePullPolicy: IfNotPresent - command: - - bash - - -ec - - | - # Node 0 is the password seeder - if [[ $POD_NAME =~ (.*)-0$ ]]; then - echo "Setting node as password seeder" - export CASSANDRA_PASSWORD_SEEDER=yes - else - # Only node 0 will execute the startup initdb scripts - export CASSANDRA_IGNORE_INITDB_SCRIPTS=1 - fi - /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh - ports: - - containerPort: 9042 - resources: - requests: - memory: {{ .Values.resources.requests.memory }} - cpu: {{ .Values.resources.requests.cpu }} - limits: - memory: {{ .Values.resources.limits.memory }} - cpu: {{ .Values.resources.limits.cpu }} - env: - - name: CASSANDRA_CLUSTER_NAME - value: "Cluster" - - name: CASSANDRA_NUM_TOKENS - value: "256" - - name: CASSANDRA_SEEDS - value: "{{ .Release.Name }}-cassandra-0.{{ .Release.Name }}-cassandra.{{ .Release.Namespace }}.svc.cluster.local" - - name: CASSANDRA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-cassandra-database-secret - key: root-password - - name: CASSANDRA_USER - value: "superuser" - - name: CASSANDRA_DATACENTER - value: dc1 - - name: CASSANDRA_RACK - value: rack1 - - name: CASSANDRA_KEYSTORE_LOCATION - value: "/opt/bitnami/cassandra/certs/keystore" - - name: CASSANDRA_TRUSTSTORE_LOCATION - value: "/opt/bitnami/cassandra/certs/truststore" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - lifecycle: - 
preStop: - exec: - command: - - /bin/sh - - -c - - nodetool drain - livenessProbe: - exec: - command: - - sh - - -c - - "nodetool status" - initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 15 - failureThreshold: 3 - readinessProbe: - exec: - command: - - sh - - -c - - "nodetool status" - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 15 - failureThreshold: 3 - volumeMounts: - - name: {{.Release.Name }}-cassandra-data - mountPath: /var/lib/cassandra - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/cassandra/conf - subPath: app-conf-dir - - name: empty-dir - mountPath: /opt/bitnami/cassandra/tmp - subPath: app-tmp-dir - volumes: - - name: empty-dir - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: {{.Release.Name }}-cassandra-data - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: {{ .Values.diskSize }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Release.Name }}-cassandra + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Release.Name }}-cassandra +spec: + replicas: 1 + serviceName: {{ .Release.Name }}-cassandra + selector: + matchLabels: + app: {{ .Release.Name }}-cassandra + template: + metadata: + labels: + app: {{ .Release.Name }}-cassandra + spec: + containers: + - name: cassandra + image: "bitnami/cassandra:5.0.2-debian-12-r3" + imagePullPolicy: IfNotPresent + command: + - bash + - -ec + - | + # Node 0 is the password seeder + if [[ $POD_NAME =~ (.*)-0$ ]]; then + echo "Setting node as password seeder" + export CASSANDRA_PASSWORD_SEEDER=yes + else + # Only node 0 will execute the startup initdb scripts + export CASSANDRA_IGNORE_INITDB_SCRIPTS=1 + fi + /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh + ports: + - containerPort: 9042 + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu }} + limits: + memory: {{ 
.Values.resources.limits.memory }} + cpu: {{ .Values.resources.limits.cpu }} + env: + - name: CASSANDRA_CLUSTER_NAME + value: "Cluster" + - name: CASSANDRA_NUM_TOKENS + value: "256" + - name: CASSANDRA_SEEDS + value: "{{ .Release.Name }}-cassandra-0.{{ .Release.Name }}-cassandra.{{ .Release.Namespace }}.svc.cluster.local" + - name: CASSANDRA_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-cassandra-database-secret + key: root-password + - name: CASSANDRA_USER + value: "superuser" + - name: CASSANDRA_DATACENTER + value: dc1 + - name: CASSANDRA_RACK + value: rack1 + - name: CASSANDRA_KEYSTORE_LOCATION + value: "/opt/bitnami/cassandra/certs/keystore" + - name: CASSANDRA_TRUSTSTORE_LOCATION + value: "/opt/bitnami/cassandra/certs/truststore" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - nodetool drain + livenessProbe: + exec: + command: + - sh + - -c + - "nodetool status" + initialDelaySeconds: 120 + periodSeconds: 20 + timeoutSeconds: 15 + failureThreshold: 3 + readinessProbe: + exec: + command: + - sh + - -c + - "nodetool status" + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 15 + failureThreshold: 3 + volumeMounts: + - name: {{.Release.Name }}-cassandra-data + mountPath: /var/lib/cassandra + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/cassandra/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/cassandra/tmp + subPath: app-tmp-dir + volumes: + - name: empty-dir + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: {{.Release.Name }}-cassandra-data + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: {{ .Values.diskSize }} storageClassName: standard \ No newline at end of file 
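Review bot: The `cassandra` container in charts/cassandra/templates/statefulset.yaml has no `securityContext`, so privilege escalation, Linux capabilities and the seccomp profile are left to cluster defaults; the same applies to the `chromadb` container in charts/chromadb/templates/statefulset.yaml and the init Pod in database-pod.yaml. A container-level block as below is a reasonable baseline, to be verified against the image's entrypoint before enabling. `CASSANDRA_KEYSTORE_LOCATION` and `CASSANDRA_TRUSTSTORE_LOCATION` point at `/opt/bitnami/cassandra/certs/`, but no volume is mounted there and no encryption setting is visible in this hunk, so client traffic on 9042 is presumably unencrypted. Add a comment saying so, or wire the certificates in.

```yaml
        - name: cassandra
          image: "bitnami/cassandra:5.0.2-debian-12-r3"
          # … unchanged: imagePullPolicy, command, ports, resources, env, lifecycle, probes, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```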
diff --git a/charts/cassandra/values.schema.json b/charts/cassandra/values.schema.json index 4c83ba6b..9cd2cb87 100644 --- a/charts/cassandra/values.schema.json +++ b/charts/cassandra/values.schema.json 
@@ -1,57 +1,57 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "default": "2000Mi", "mutable": true - }, - "cpu": { - "type": "string", - "default": "500m", "mutable": true - } - } - }, - "limits": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "default": "4000Mi", "mutable": true - }, - "cpu": { - "type": "string", - "default": "1000m", "mutable": true - } - } - } - } - }, - "diskSize": { - "type": "string", - "default": "10Gi", "mutable": true, - "editDisabled": true - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "database": { - "type": "string" - } - }, - "required": ["name", "database"] - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "default": "2000Mi", "mutable": true + }, + "cpu": { + "type": "string", + "default": "500m", "mutable": true + } + } + }, + "limits": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "default": "4000Mi", "mutable": true + }, + "cpu": { + "type": "string", + "default": "1000m", "mutable": true + } + } + } + } + }, + "diskSize": { + "type": "string", + "default": "10Gi", "mutable": true, + "editDisabled": true + }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "database": { + "type": "string" + } + }, + "required": ["name", "database"] + } + } + } } \ No newline at end of file diff --git a/charts/cassandra/values.yaml b/charts/cassandra/values.yaml index 7c8f54e6..00580756 100644 --- a/charts/cassandra/values.yaml 
+++ b/charts/cassandra/values.yaml @@ -1,9 +1,9 @@ -resources: - requests: - memory: "2000Mi" - cpu: "500m" - limits: - memory: "4000Mi" - cpu: "1000m" - +resources: + requests: + memory: "2000Mi" + cpu: "500m" + limits: + memory: "4000Mi" + cpu: "1000m" + diskSize: 10Gi \ No newline at end of file diff --git a/charts/chromadb/Chart.yaml b/charts/chromadb/Chart.yaml index b32d92cf..5a9a7d03 100644 --- a/charts/chromadb/Chart.yaml +++ b/charts/chromadb/Chart.yaml @@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for deploying chromadb datastore -name: chromadb -version: 0.0.4 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241205/f21ef909-e0ea-4969-8963-0848602a5e4b-ImageEditor.jpg" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for deploying chromadb datastore +name: chromadb +version: 0.0.4 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241205/f21ef909-e0ea-4969-8963-0848602a5e4b-ImageEditor.jpg" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/chromadb/Readme.md b/charts/chromadb/Readme.md index e0c9d303..af65a1cc 100644 --- a/charts/chromadb/Readme.md +++ b/charts/chromadb/Readme.md 
@@ -1,129 +1,129 @@ -# ChromaDB Helm Chart - -The ChromaDB Helm chart provides an easy way to deploy ChromaDB, a high-performance embedding database designed for AI applications. This chart allows you to manage ChromaDB instances on Kubernetes with customizable resource allocation, persistence, and scaling options. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -Before deploying the ChromaDB chart, add the Helm repository to your local setup: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To install the ChromaDB Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/chromadb -``` - -Replace `[RELEASE_NAME]` with your desired release name. For example: - -```bash -helm install my-chromadb zopdev/chromadb -``` - -To customize configurations, provide a `values.yaml` file or override values via the command line. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. - ---- - -## Uninstall Helm Chart - -To remove the ChromaDB deployment and all associated Kubernetes resources, use the following command: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-chromadb -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. - ---- - -## Configuration - -The ChromaDB Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|--------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `image` | `string` | Docker image and tag for the ChromaDB container. 
| `ghcr.io/chroma-core/chroma:latest` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the ChromaDB container. | `"1Gi"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the ChromaDB container. | `"100m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the ChromaDB container can use. | `"2Gi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the ChromaDB container can use. | `"1"` | -| `diskSize` | `string` | Size of the persistent volume for storing ChromaDB data. | `"10Gi"` | - -You can override these values in a `values.yaml` file or via the command line during installation. - ---- - -### Example `values.yaml` File - -```yaml -version: 0.6.3 - -resources: - requests: - memory: "1Gi" - cpu: "100m" - limits: - memory: "2Gi" - cpu: "1000m" - -diskSize: "10Gi" -``` - -To use this configuration, save it to a `values.yaml` file and apply it during installation: - -```bash -helm install my-chromadb zopdev/chromadb -f values.yaml -``` - ---- - -## Features - -- **Scalable Architecture:** Configure resources and scaling options to optimize performance for embedding-intensive workloads. -- **Persistent Storage:** Keep ChromaDB data intact across pod restarts with configurable persistent volumes. -- **Customizable Resource Allocation:** Tailor CPU and memory resources to match workload requirements. -- **Easy Deployment:** Simplified Helm chart for rapid deployment of ChromaDB in Kubernetes environments. - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). 
- ---- - -## License - +# ChromaDB Helm Chart + +The ChromaDB Helm chart provides an easy way to deploy ChromaDB, a high-performance embedding database designed for AI applications. This chart allows you to manage ChromaDB instances on Kubernetes with customizable resource allocation, persistence, and scaling options. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +Before deploying the ChromaDB chart, add the Helm repository to your local setup: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To install the ChromaDB Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/chromadb +``` + +Replace `[RELEASE_NAME]` with your desired release name. For example: + +```bash +helm install my-chromadb zopdev/chromadb +``` + +To customize configurations, provide a `values.yaml` file or override values via the command line. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. + +--- + +## Uninstall Helm Chart + +To remove the ChromaDB deployment and all associated Kubernetes resources, use the following command: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-chromadb +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. + +--- + +## Configuration + +The ChromaDB Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|--------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `image` | `string` | Docker image and tag for the ChromaDB container. 
| `ghcr.io/chroma-core/chroma:latest` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the ChromaDB container. | `"1Gi"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the ChromaDB container. | `"100m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the ChromaDB container can use. | `"2Gi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the ChromaDB container can use. | `"1"` | +| `diskSize` | `string` | Size of the persistent volume for storing ChromaDB data. | `"10Gi"` | + +You can override these values in a `values.yaml` file or via the command line during installation. + +--- + +### Example `values.yaml` File + +```yaml +version: 0.6.3 + +resources: + requests: + memory: "1Gi" + cpu: "100m" + limits: + memory: "2Gi" + cpu: "1000m" + +diskSize: "10Gi" +``` + +To use this configuration, save it to a `values.yaml` file and apply it during installation: + +```bash +helm install my-chromadb zopdev/chromadb -f values.yaml +``` + +--- + +## Features + +- **Scalable Architecture:** Configure resources and scaling options to optimize performance for embedding-intensive workloads. +- **Persistent Storage:** Keep ChromaDB data intact across pod restarts with configurable persistent volumes. +- **Customizable Resource Allocation:** Tailor CPU and memory resources to match workload requirements. +- **Easy Deployment:** Simplified Helm chart for rapid deployment of ChromaDB in Kubernetes environments. + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file 
diff --git a/charts/chromadb/templates/_helpers.tpl b/charts/chromadb/templates/_helpers.tpl index 0eb03def..54d5d2ca 100644 --- a/charts/chromadb/templates/_helpers.tpl +++ b/charts/chromadb/templates/_helpers.tpl 
@@ -1,58 +1,58 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "chromadb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "chromadb.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-chromadb" .Release.Name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} - - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "chromadb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "chromadb.labels" -}} -helm.sh/chart: {{ include "chromadb.chart" . }} -{{ include "chromadb.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "chromadb.selectorLabels" -}} -app.kubernetes.io/name: {{ include "chromadb.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "chromadb.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "chromadb.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} +{{/* +Expand the name of the chart. +*/}} +{{- define "chromadb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. 
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "chromadb.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-chromadb" .Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "chromadb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "chromadb.labels" -}} +helm.sh/chart: {{ include "chromadb.chart" . }} +{{ include "chromadb.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "chromadb.selectorLabels" -}} +app.kubernetes.io/name: {{ include "chromadb.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "chromadb.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "chromadb.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/chromadb/templates/configmap.yaml b/charts/chromadb/templates/configmap.yaml index fef2afbe..d1bc5b1f 100644 --- a/charts/chromadb/templates/configmap.yaml +++ b/charts/chromadb/templates/configmap.yaml 
@@ -1,15 +1,15 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name}}-chromadb-configmap - labels: - {{- include "chromadb.labels" . | nindent 4 }} -data: - CHROMA_SERVER_HOST: {{ .Release.Name}}-chromadb - CHROMA_SERVER_HTTP_PORT: "8000" - ANONYMIZED_TELEMETRY: "False" - ALLOW_RESET: "True" - IS_PERSISTENT: "True" - CHROMA_LOG_LEVEL: "DEBUG" - CHROMA_DATA_DIR: "/chroma/chroma" +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name}}-chromadb-configmap + labels: + {{- include "chromadb.labels" . | nindent 4 }} +data: + CHROMA_SERVER_HOST: {{ .Release.Name}}-chromadb + CHROMA_SERVER_HTTP_PORT: "8000" + ANONYMIZED_TELEMETRY: "False" + ALLOW_RESET: "True" + IS_PERSISTENT: "True" + CHROMA_LOG_LEVEL: "DEBUG" + CHROMA_DATA_DIR: "/chroma/chroma" CHROMA_IMPORT_SETTING: "True" \ No newline at end of file diff --git a/charts/chromadb/templates/service.yaml b/charts/chromadb/templates/service.yaml index e27d0035..e467bf8a 100644 --- a/charts/chromadb/templates/service.yaml +++ b/charts/chromadb/templates/service.yaml @@ -1,15 +1,15 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name}}-chromadb - labels: - {{- include "chromadb.labels" . | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 8000 - targetPort: http - protocol: TCP - name: http - selector: - {{- include "chromadb.selectorLabels" . | nindent 4 }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name}}-chromadb + labels: + {{- include "chromadb.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 8000 + targetPort: http + protocol: TCP + name: http + selector: + {{- include "chromadb.selectorLabels" . | nindent 4 }} diff --git a/charts/chromadb/templates/statefulset.yaml b/charts/chromadb/templates/statefulset.yaml index adbb2c79..5eecc65c 100644 --- a/charts/chromadb/templates/statefulset.yaml +++ b/charts/chromadb/templates/statefulset.yaml 
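Review bot: charts/chromadb/templates/configmap.yaml hard-codes `ALLOW_RESET: "True"`, which enables Chroma's reset operation (it wipes the database), and no authentication setting is visible in this ConfigMap, so any client that can reach the Service on port 8000 could presumably trigger it. Default it off with `ALLOW_RESET: "False"`, or take it from values, e.g. `ALLOW_RESET: {{ .Values.allowReset | default false | quote }}`. `CHROMA_LOG_LEVEL: "DEBUG"` is likewise fixed; `"INFO"` is a safer default for a chart meant for shared clusters, since debug logs tend to include request detail.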
@@ -1,54 +1,54 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ .Release.Name}}-chromadb - labels: - {{- include "chromadb.labels" . | nindent 4 }} -spec: - replicas: 1 - serviceName: {{ include "chromadb.fullname" . }} - selector: - matchLabels: - {{- include "chromadb.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "chromadb.selectorLabels" . | nindent 8 }} - spec: - containers: - - name: chromadb - image: "ghcr.io/chroma-core/chroma:{{.Values.version}}" - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: {{ include "chromadb.fullname" . }}-configmap - ports: - - name: http - containerPort: 8000 - protocol: TCP - volumeMounts: - - name: db-data - mountPath: /chroma/chroma - readOnly: false - resources: - requests: - memory: {{ .Values.resources.requests.memory }} - cpu: {{ .Values.resources.requests.cpu }} - limits: - memory: {{ .Values.resources.limits.memory }} - cpu: {{ .Values.resources.limits.cpu }} - startupProbe: - httpGet: - path: /api/v1/version - port: 8000 - failureThreshold: 30 - periodSeconds: 10 - volumeClaimTemplates: - - metadata: - name: db-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Release.Name}}-chromadb + labels: + {{- include "chromadb.labels" . | nindent 4 }} +spec: + replicas: 1 + serviceName: {{ include "chromadb.fullname" . }} + selector: + matchLabels: + {{- include "chromadb.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "chromadb.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: chromadb + image: "ghcr.io/chroma-core/chroma:{{.Values.version}}" + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: {{ include "chromadb.fullname" . 
}}-configmap + ports: + - name: http + containerPort: 8000 + protocol: TCP + volumeMounts: + - name: db-data + mountPath: /chroma/chroma + readOnly: false + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu }} + limits: + memory: {{ .Values.resources.limits.memory }} + cpu: {{ .Values.resources.limits.cpu }} + startupProbe: + httpGet: + path: /api/v1/version + port: 8000 + failureThreshold: 30 + periodSeconds: 10 + volumeClaimTemplates: + - metadata: + name: db-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: storage: {{.Values.diskSize}} \ No newline at end of file diff --git a/charts/chromadb/values.schema.json b/charts/chromadb/values.schema.json index 815124cc..507161b4 100644 --- a/charts/chromadb/values.schema.json +++ b/charts/chromadb/values.schema.json 
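Review bot: The `chromadb` container in `statefulset.yaml` has no `securityContext`, so it runs with whatever user and capabilities the image defaults to while holding a writable data volume. I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` on the container. I would also set `runAsNonRoot: true`, provided the image supports a non-root user, which these lines do not show. A pod-level `fsGroup` may then be needed so that `/chroma/chroma` stays writable.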
@@ -1,68 +1,68 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "image": { - "type": "string", - "default": "ghcr.io/chroma-core/chroma:latest" - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "pattern": "^[0-9]+m$", - "default": "100m", - "mutable": true - }, - "memory": { - "type": "string", - "pattern": "^[0-9]+Gi$", - "default": "1Gi", - "mutable": true - } - } - }, - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "pattern": "^[0-9]+m$", - "default": "1000m", - "mutable": true - }, - "memory": { - "type": "string", - "pattern": "^[0-9]+Gi$", - "default": "2Gi", - "mutable": true - } - } - } - } - }, - "diskSize": { - "type": "string", - "pattern": "^[0-9]+Gi$", - "default": "10Gi", - "mutable": true, - "editDisabled": true - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": ["name"] - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "image": { + "type": "string", + "default": "ghcr.io/chroma-core/chroma:latest" + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "pattern": "^[0-9]+m$", + "default": "100m", + "mutable": true + }, + "memory": { + "type": "string", + "pattern": "^[0-9]+Gi$", + "default": "1Gi", + "mutable": true + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "pattern": "^[0-9]+m$", + "default": "1000m", + "mutable": true + }, + "memory": { + "type": "string", + "pattern": "^[0-9]+Gi$", + "default": "2Gi", + "mutable": true + } + } + } + } + }, + "diskSize": { + "type": "string", + "pattern": "^[0-9]+Gi$", + "default": "10Gi", + "mutable": true, + "editDisabled": true + 
}, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": ["name"] + } + } + } } \ No newline at end of file diff --git a/charts/chromadb/values.yaml b/charts/chromadb/values.yaml index 5a9eefc1..c482c052 100644 --- a/charts/chromadb/values.yaml +++ b/charts/chromadb/values.yaml @@ -1,11 +1,11 @@ -version: 0.6.3 - -resources: - requests: - memory: "1Gi" - cpu: "100m" - limits: - memory: "2Gi" - cpu: "1000m" - +version: 0.6.3 + +resources: + requests: + memory: "1Gi" + cpu: "100m" + limits: + memory: "2Gi" + cpu: "1000m" + diskSize: "10Gi" \ No newline at end of file diff --git a/charts/cockroachdb/Chart.yaml b/charts/cockroachdb/Chart.yaml index 5eec6c03..7b5fc5ed 100755 --- a/charts/cockroachdb/Chart.yaml +++ b/charts/cockroachdb/Chart.yaml @@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for deploying cockroachdb datastore -name: cockroachdb -version: 0.0.4 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for deploying cockroachdb datastore +name: cockroachdb +version: 0.0.4 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/cockroachdb/README.md b/charts/cockroachdb/README.md index 633d091c..43b07b1a 100644 --- a/charts/cockroachdb/README.md +++ b/charts/cockroachdb/README.md 
@@ -1,131 +1,131 @@ -# CockroachDB Helm Chart - -The CockroachDB Helm chart provides an easy way to deploy CockroachDB, a distributed SQL database built on a transactional and strongly-consistent key-value store. This chart allows you to manage CockroachDB instances on Kubernetes with customizable resource allocation, persistence, and scaling options. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -Before deploying the CockroachDB chart, add the Helm repository to your local setup: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To install the CockroachDB Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/cockroachdb -``` - -Replace `[RELEASE_NAME]` with your desired release name. For example: - -```bash -helm install my-cockroachdb zopdev/cockroachdb -``` - -To customize configurations, provide a `values.yaml` file or override values via the command line. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. - ---- - -## Uninstall Helm Chart - -To remove the CockroachDB deployment and all associated Kubernetes resources, use the following command: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-cockroachdb -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. - ---- - -## Configuration - -The CockroachDB Helm chart includes several configuration options to tailor the deployment to your needs. 
Below is a summary of the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|-----------------------------|----------|-----------------------------------------------------------------|---------------------------------| -| `image` | `string` | Docker image and tag for the Cassandra container. | `cockroachdb/cockroach:v25.1.2` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the CockroachDB container. | `"512Mi"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the CockroachDB container. | `"100m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the CockroachDB container can use. | `"512Mi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the CockroachDB container can use. | `"100m"` | -| `diskSize` | `string` | Size of the persistent volume for storing CockroachDB data. | `"10Gi"` | - -You can override these values in a `values.yaml` file or via the command line during installation. - ---- - -### Example `values.yaml` File - -```yaml -resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - -diskSize : 10Gi - -version: v25.1.2 -``` - -To use this configuration, save it to a `values.yaml` file and apply it during installation: - -```bash -helm install my-cockroachdb zopdev/cockroachdb -f values.yaml -``` - ---- - -## Features - -- **Distributed SQL Database:** Deploy a scalable, distributed SQL database with strong consistency guarantees. -- **Persistent Storage:** Keep CockroachDB data intact across pod restarts with configurable persistent volumes. -- **Customizable Resource Allocation:** Tailor CPU and memory resources to match workload requirements. -- **Version Control:** Specify the CockroachDB version to deploy. -- **Multi-Database Support:** Configure multiple database services through the services configuration. 
-- **Easy Deployment:** Simplified Helm chart for rapid deployment of CockroachDB in Kubernetes environments. - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - -This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. +# CockroachDB Helm Chart + +The CockroachDB Helm chart provides an easy way to deploy CockroachDB, a distributed SQL database built on a transactional and strongly-consistent key-value store. This chart allows you to manage CockroachDB instances on Kubernetes with customizable resource allocation, persistence, and scaling options. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +Before deploying the CockroachDB chart, add the Helm repository to your local setup: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To install the CockroachDB Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/cockroachdb +``` + +Replace `[RELEASE_NAME]` with your desired release name. For example: + +```bash +helm install my-cockroachdb zopdev/cockroachdb +``` + +To customize configurations, provide a `values.yaml` file or override values via the command line. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. 
+ +--- + +## Uninstall Helm Chart + +To remove the CockroachDB deployment and all associated Kubernetes resources, use the following command: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-cockroachdb +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. + +--- + +## Configuration + +The CockroachDB Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|-----------------------------|----------|-----------------------------------------------------------------|---------------------------------| +| `image` | `string` | Docker image and tag for the Cassandra container. | `cockroachdb/cockroach:v25.1.2` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the CockroachDB container. | `"512Mi"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the CockroachDB container. | `"100m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the CockroachDB container can use. | `"512Mi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the CockroachDB container can use. | `"100m"` | +| `diskSize` | `string` | Size of the persistent volume for storing CockroachDB data. | `"10Gi"` | + +You can override these values in a `values.yaml` file or via the command line during installation. 
+ +--- + +### Example `values.yaml` File + +```yaml +resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + +diskSize : 10Gi + +version: v25.1.2 +``` + +To use this configuration, save it to a `values.yaml` file and apply it during installation: + +```bash +helm install my-cockroachdb zopdev/cockroachdb -f values.yaml +``` + +--- + +## Features + +- **Distributed SQL Database:** Deploy a scalable, distributed SQL database with strong consistency guarantees. +- **Persistent Storage:** Keep CockroachDB data intact across pod restarts with configurable persistent volumes. +- **Customizable Resource Allocation:** Tailor CPU and memory resources to match workload requirements. +- **Version Control:** Specify the CockroachDB version to deploy. +- **Multi-Database Support:** Configure multiple database services through the services configuration. +- **Easy Deployment:** Simplified Helm chart for rapid deployment of CockroachDB in Kubernetes environments. + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. diff --git a/charts/cockroachdb/templates/_helpers.tpl b/charts/cockroachdb/templates/_helpers.tpl index c58f6b6c..5b289c76 100644 --- a/charts/cockroachdb/templates/_helpers.tpl +++ b/charts/cockroachdb/templates/_helpers.tpl 
@@ -1,43 +1,43 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "cockroachdb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 56 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "cockroachdb.fullname" -}} - {{- printf "%s-cockroachdb" .Release.Name | trunc 56 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cockroachdb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 56 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the ServiceAccount to use. -*/}} -{{- define "cockroachdb.tls.serviceAccount.name" -}} -{{- if .Values.tls.serviceAccount.create -}} - {{- default (include "cockroachdb.fullname" .) .Values.tls.serviceAccount.name -}} -{{- else -}} - {{- default "default" .Values.tls.serviceAccount.name -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for NetworkPolicy. -*/}} -{{- define "cockroachdb.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} +{{/* +Expand the name of the chart. +*/}} +{{- define "cockroachdb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 56 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "cockroachdb.fullname" -}} + {{- printf "%s-cockroachdb" .Release.Name | trunc 56 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "cockroachdb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 56 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the ServiceAccount to use. +*/}} +{{- define "cockroachdb.tls.serviceAccount.name" -}} +{{- if .Values.tls.serviceAccount.create -}} + {{- default (include "cockroachdb.fullname" .) .Values.tls.serviceAccount.name -}} +{{- else -}} + {{- default "default" .Values.tls.serviceAccount.name -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for NetworkPolicy. +*/}} +{{- define "cockroachdb.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/cockroachdb/templates/database-configmap.yaml b/charts/cockroachdb/templates/database-configmap.yaml index 3637f4d8..ade3fa50 100644 --- a/charts/cockroachdb/templates/database-configmap.yaml +++ b/charts/cockroachdb/templates/database-configmap.yaml 
@@ -1,14 +1,14 @@ -{{- range $index, $service := .Values.services }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name }}-cockroachdb-configmap - namespace: {{ $.Release.Namespace }} -data: - DB_DIALECT: "cockroachdb" - DB_USER: "{{ $service.name }}-user" - DB_PORT: "26257" - DB_NAME: "{{ $service.database }}" - DB_HOST: "{{ $.Release.Name }}-cockroachdb-public" ---- -{{- end }} +{{- range $index, $service := .Values.services }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name }}-cockroachdb-configmap + namespace: {{ $.Release.Namespace }} +data: + DB_DIALECT: "cockroachdb" + DB_USER: "{{ $service.name }}-user" + DB_PORT: "26257" + DB_NAME: "{{ $service.database }}" + DB_HOST: "{{ $.Release.Name }}-cockroachdb-public" +--- +{{- end }} diff --git a/charts/cockroachdb/templates/database-pod.yaml b/charts/cockroachdb/templates/database-pod.yaml index 4f7a56fa..11f045c7 100644 --- a/charts/cockroachdb/templates/database-pod.yaml +++ b/charts/cockroachdb/templates/database-pod.yaml 
@@ -1,26 +1,26 @@ -{{- range $index, $service := .Values.services }} -apiVersion: v1 -kind: Pod -metadata: - name: cockroachdb-init-{{ $.Release.Name }}-{{ $service.name }} - namespace: {{ $.Release.Namespace }} -spec: - containers: - - name: cockroach-init-role - image: cockroachdb/cockroach - command: ["/bin/sh"] - args: - [ - "-c", - "sleep 40 && ./cockroach sql --insecure --host={{ $.Release.Name }}-cockroachdb -e \"$(cat /etc/config/db-init.sql)\"" - ] - volumeMounts: - - name: secret-volume - mountPath: /etc/config - volumes: - - name: secret-volume - configMap: - name: {{ $.Release.Name }}-{{ $service.name }}-init-script - restartPolicy: OnFailure ---- -{{- end }} +{{- range $index, $service := .Values.services }} +apiVersion: v1 +kind: Pod +metadata: + name: cockroachdb-init-{{ $.Release.Name }}-{{ $service.name }} + namespace: {{ $.Release.Namespace }} +spec: + containers: + - name: cockroach-init-role + image: cockroachdb/cockroach + command: ["/bin/sh"] + args: + [ + "-c", + "sleep 40 && ./cockroach sql --insecure --host={{ $.Release.Name }}-cockroachdb -e \"$(cat /etc/config/db-init.sql)\"" + ] + volumeMounts: + - name: secret-volume + mountPath: /etc/config + volumes: + - name: secret-volume + configMap: + name: {{ $.Release.Name }}-{{ $service.name }}-init-script + restartPolicy: OnFailure +--- +{{- end }} diff --git a/charts/cockroachdb/templates/ingress.yaml b/charts/cockroachdb/templates/ingress.yaml index ae235d6d..6eff8468 100644 --- a/charts/cockroachdb/templates/ingress.yaml +++ b/charts/cockroachdb/templates/ingress.yaml 
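Review bot: The init container in `database-pod.yaml` runs `./cockroach sql --insecure`, and the same flag appears in `job.init.yaml` and in the StatefulSet's `cockroach start` arguments, so the whole cluster runs without TLS or authentication. In insecure mode any pod that can reach port 26257 on the chart's Services can connect as `root` with no password, so the per-service users created by the init script are not an access control. `_helpers.tpl` still defines `cockroachdb.tls.serviceAccount.name` and `cockroachdb.networkPolicy.apiVersion`, which suggests TLS and NetworkPolicy support existed upstream but is not wired into these templates. I would either move to `--certs-dir` with chart-managed certificates or, at minimum, ship a NetworkPolicy limiting ingress to ports 26257 and 8080, and state the insecure default in the README.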
@@ -1,30 +1,30 @@ -{{- if .Values.host }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-cockroachdb - namespace: {{ .Release.Namespace }} - labels: - app: cockroachdb - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/auth-realm: "" - nginx.ingress.kubernetes.io/auth-secret: "" - nginx.ingress.kubernetes.io/auth-type: "" -spec: - rules: - - host: {{ .Values.host }} - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: {{ template "cockroachdb.fullname" . }}-public - port: - number: 8080 - tls: - - hosts: - - '{{ .Values.tlsHost | default .Values.host }}' - secretName: {{ .Values.tlsSecretName | default "tls-secret-replica" }} -{{- end }} +{{- if .Values.host }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Release.Name }}-cockroachdb + namespace: {{ .Release.Namespace }} + labels: + app: cockroachdb + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/auth-realm: "" + nginx.ingress.kubernetes.io/auth-secret: "" + nginx.ingress.kubernetes.io/auth-type: "" +spec: + rules: + - host: {{ .Values.host }} + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: {{ template "cockroachdb.fullname" . }}-public + port: + number: 8080 + tls: + - hosts: + - '{{ .Values.tlsHost | default .Values.host }}' + secretName: {{ .Values.tlsSecretName | default "tls-secret-replica" }} +{{- end }} diff --git a/charts/cockroachdb/templates/init-script-config-map.yaml b/charts/cockroachdb/templates/init-script-config-map.yaml index cbb9ce65..f19d3b59 100644 --- a/charts/cockroachdb/templates/init-script-config-map.yaml +++ b/charts/cockroachdb/templates/init-script-config-map.yaml 
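Review bot: The three `nginx.ingress.kubernetes.io/auth-*` annotations in `ingress.yaml` are empty strings, so as far as these lines show the Ingress configures no basic auth in front of port 8080 of the `-public` Service. Because the nodes are started with `--insecure` (see `statefulset.yaml`), setting `.Values.host` publishes the CockroachDB HTTP endpoint with no authentication at either layer. I would take these from chart values, for example `nginx.ingress.kubernetes.io/auth-secret: {{ required "ingress auth secret is required when host is set" .Values.ingressAuthSecret | quote }}`, where `ingressAuthSecret` is a proposed value name, not an existing one. I would also set `auth-type: "basic"` explicitly. Separately, `kubernetes.io/ingress.class` is the deprecated form; `spec.ingressClassName: nginx` is the current field.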
@@ -1,14 +1,14 @@ -{{- range $index, $service := .Values.services }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-{{ $service.name }}-init-script - namespace: {{ $.Release.Namespace }} -data: - db-init.sql: | - CREATE DATABASE IF NOT EXISTS "{{ $service.database }}"; - USE "{{ $service.database }}"; - CREATE USER IF NOT EXISTS "{{ $service.name }}-user"; - GRANT ALL ON DATABASE "{{ $service.database }}" TO "{{ $service.name }}-user"; ---- -{{- end }} +{{- range $index, $service := .Values.services }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-{{ $service.name }}-init-script + namespace: {{ $.Release.Namespace }} +data: + db-init.sql: | + CREATE DATABASE IF NOT EXISTS "{{ $service.database }}"; + USE "{{ $service.database }}"; + CREATE USER IF NOT EXISTS "{{ $service.name }}-user"; + GRANT ALL ON DATABASE "{{ $service.database }}" TO "{{ $service.name }}-user"; +--- +{{- end }} diff --git a/charts/cockroachdb/templates/job.init.yaml b/charts/cockroachdb/templates/job.init.yaml index a3f812d4..b52ecbe3 100644 --- a/charts/cockroachdb/templates/job.init.yaml +++ b/charts/cockroachdb/templates/job.init.yaml 
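Review bot: `db-init.sql` in `init-script-config-map.yaml` interpolates `$service.database` and `$service.name` directly into double-quoted SQL identifiers with no validation, so a value containing `"` or `;` changes the statements the init pod executes. The same values also feed Kubernetes object names in `database-configmap.yaml` and `database-pod.yaml`, so a DNS-label pattern fits both uses. I would add a `pattern` such as `^[a-z0-9]([a-z0-9-]*[a-z0-9])?$` for both fields in `values.schema.json`, or guard in the template with `{{- if not (regexMatch "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$" $service.name) }}{{ fail "invalid service name" }}{{- end }}`. Note also that `CREATE USER` sets no password and `GRANT ALL ON DATABASE` is broader than most applications need.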
@@ -1,42 +1,42 @@ -kind: Job -apiVersion: batch/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-init - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/component: init -spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: init - spec: - restartPolicy: OnFailure - terminationGracePeriodSeconds: 0 - containers: - - name: cluster-init - image: "cockroachdb/cockroach:latest" - imagePullPolicy: IfNotPresent - command: - - /bin/bash - - -c - - >- - while true; do - initOUT=$(set -x; - /cockroach/cockroach init - --insecure - --host={{ template "cockroachdb.fullname" . }}-0.{{ template "cockroachdb.fullname" . -}} - :26257 - 2>&1); - initRC="$?"; - echo $initOUT; - [[ "$initRC" == "0" ]] && exit 0; - [[ "$initOUT" == *"cluster has already been initialized"* ]] && exit 0; - sleep 5; - done +kind: Job +apiVersion: batch/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }}-init + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: init +spec: + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: init + spec: + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + containers: + - name: cluster-init + image: "cockroachdb/cockroach:latest" + imagePullPolicy: IfNotPresent + command: + - /bin/bash + - -c + - >- + while true; do + initOUT=$(set -x; + /cockroach/cockroach init + --insecure + --host={{ template "cockroachdb.fullname" . }}-0.{{ template "cockroachdb.fullname" . -}} + :26257 + 2>&1); + initRC="$?"; + echo $initOUT; + [[ "$initRC" == "0" ]] && exit 0; + [[ "$initOUT" == *"cluster has already been initialized"* ]] && exit 0; + sleep 5; + done diff --git a/charts/cockroachdb/templates/poddisruptionbudget.yaml b/charts/cockroachdb/templates/poddisruptionbudget.yaml index f86e3a3f..8ec60920 100644 --- a/charts/cockroachdb/templates/poddisruptionbudget.yaml +++ b/charts/cockroachdb/templates/poddisruptionbudget.yaml 
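Review bot: `image: "cockroachdb/cockroach:latest"` with `imagePullPolicy: IfNotPresent` in `job.init.yaml` means the init Job runs whatever build a node has cached, not the version the cluster is deployed at. `database-pod.yaml` has the same problem with the untagged `image: cockroachdb/cockroach`. A mutable tag also lets a changed upstream image reach the cluster without any change to the chart. I would use `image: "cockroachdb/cockroach:{{ .Values.version }}"` in both places, matching the StatefulSet, and consider pinning by digest.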
@@ -1,20 +1,20 @@ -kind: PodDisruptionBudget -apiVersion: policy/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-budget - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: cockroachdb - maxUnavailable: 1 +kind: PodDisruptionBudget +apiVersion: policy/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }}-budget + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: cockroachdb + maxUnavailable: 1 diff --git a/charts/cockroachdb/templates/service.discovery.yaml b/charts/cockroachdb/templates/service.discovery.yaml index 126141eb..a9f8d0f6 100644 --- a/charts/cockroachdb/templates/service.discovery.yaml +++ b/charts/cockroachdb/templates/service.discovery.yaml 
@@ -1,31 +1,31 @@ -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/component: cockroachdb - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - prometheus.io/scrape: "true" - prometheus.io/path: _status/vars - prometheus.io/port: "8080" -spec: - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: grpc - port: 26257 - targetPort: grpc - - name: http - port: 8080 - targetPort: http - selector: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: cockroachdb - +kind: Service +apiVersion: v1 +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: cockroachdb + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + prometheus.io/scrape: "true" + prometheus.io/path: _status/vars + prometheus.io/port: "8080" +spec: + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: grpc + port: 26257 + targetPort: grpc + - name: http + port: 8080 + targetPort: http + selector: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: cockroachdb + 
diff --git a/charts/cockroachdb/templates/service.public.yaml b/charts/cockroachdb/templates/service.public.yaml index 80974493..d4e6e204 100644 --- a/charts/cockroachdb/templates/service.public.yaml +++ b/charts/cockroachdb/templates/service.public.yaml @@ -1,25 +1,25 @@ -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-public - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/component: cockroachdb -spec: - type: ClusterIP - ports: - - name: grpc - port: 26257 - targetPort: grpc - - name: http - port: 8080 - targetPort: http - selector: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: cockroachdb - +kind: Service +apiVersion: v1 +metadata: + name: {{ template "cockroachdb.fullname" . }}-public + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: cockroachdb +spec: + type: ClusterIP + ports: + - name: grpc + port: 26257 + targetPort: grpc + - name: http + port: 8080 + targetPort: http + selector: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: cockroachdb + diff --git a/charts/cockroachdb/templates/statefulset.yaml b/charts/cockroachdb/templates/statefulset.yaml index 91d0cb17..80823113 100644 --- a/charts/cockroachdb/templates/statefulset.yaml +++ b/charts/cockroachdb/templates/statefulset.yaml 
@@ -1,105 +1,105 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/component: cockroachdb -spec: - serviceName: {{ template "cockroachdb.fullname" . }} - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - selector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: cockroachdb - - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: cockroachdb - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: cockroachdb - # No pre-stop hook is required, a SIGTERM plus some time is all that's - # needed for graceful shutdown of a node. 
- terminationGracePeriodSeconds: 60 - containers: - - name: cockroachdb - image: "cockroachdb/cockroach:{{ .Values.version }}" - imagePullPolicy: "IfNotPresent" - args: - - shell - - '-ecx' - - >- - exec /cockroach/cockroach start - --join=${STATEFULSET_NAME}-0.${STATEFULSET_FQDN}:26257,${STATEFULSET_NAME}-1.${STATEFULSET_FQDN}:26257,${STATEFULSET_NAME}-2.${STATEFULSET_FQDN}:26257 - --advertise-host=$(hostname).${STATEFULSET_FQDN} - --logtostderr=INFO --insecure --http-port=8080 --port=26257 - --cache=25% --max-disk-temp-storage=0 --max-offset=500ms - --max-sql-memory=25% - env: - - name: STATEFULSET_NAME - value: {{ template "cockroachdb.fullname" . }} - - name: STATEFULSET_FQDN - value: {{ template "cockroachdb.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - - name: COCKROACH_CHANNEL - value: kubernetes-helm - ports: - - name: grpc - containerPort: 26257 - protocol: TCP - - name: http - containerPort: 8080 - protocol: TCP - volumeMounts: - - name: datadir - mountPath: /cockroach/cockroach-data/ - livenessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 30 - periodSeconds: 5 - readinessProbe: - httpGet: - path: /health?ready=1 - port: http - initialDelaySeconds: 10 - periodSeconds: 5 - failureThreshold: 2 - volumes: - - name: datadir - persistentVolumeClaim: - claimName: datadir - hostPath: - path: "" - volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: cockroachdb +spec: + serviceName: {{ template "cockroachdb.fullname" . }} + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + selector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: cockroachdb + + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: cockroachdb + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: cockroachdb + # No pre-stop hook is required, a SIGTERM plus some time is all that's + # needed for graceful shutdown of a node. + terminationGracePeriodSeconds: 60 + containers: + - name: cockroachdb + image: "cockroachdb/cockroach:{{ .Values.version }}" + imagePullPolicy: "IfNotPresent" + args: + - shell + - '-ecx' + - >- + exec /cockroach/cockroach start + --join=${STATEFULSET_NAME}-0.${STATEFULSET_FQDN}:26257,${STATEFULSET_NAME}-1.${STATEFULSET_FQDN}:26257,${STATEFULSET_NAME}-2.${STATEFULSET_FQDN}:26257 + --advertise-host=$(hostname).${STATEFULSET_FQDN} + --logtostderr=INFO --insecure --http-port=8080 --port=26257 + --cache=25% --max-disk-temp-storage=0 --max-offset=500ms + --max-sql-memory=25% + env: + - name: STATEFULSET_NAME + value: {{ template "cockroachdb.fullname" . }} + - name: STATEFULSET_FQDN + value: {{ template "cockroachdb.fullname" . 
}}.{{ .Release.Namespace }}.svc.cluster.local + - name: COCKROACH_CHANNEL + value: kubernetes-helm + ports: + - name: grpc + containerPort: 26257 + protocol: TCP + - name: http + containerPort: 8080 + protocol: TCP + volumeMounts: + - name: datadir + mountPath: /cockroach/cockroach-data/ + livenessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 30 + periodSeconds: 5 + readinessProbe: + httpGet: + path: /health?ready=1 + port: http + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 2 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir + hostPath: + path: "" + volumeClaimTemplates: + - metadata: + name: datadir + labels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: storage: {{ .Values.diskSize | quote }} \ No newline at end of file diff --git a/charts/cockroachdb/values.schema.json b/charts/cockroachdb/values.schema.json index ef47a56f..581cdbd5 100644 --- a/charts/cockroachdb/values.schema.json +++ b/charts/cockroachdb/values.schema.json 
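Review bot: The container args on the new side still hard-code `--insecure` in the `cockroach start` command, so the nodes run without TLS and without authentication on 26257 and 8080, the two ports that both Services in this chart publish. Nothing in values.yaml or values.schema.json lets an operator turn this off, and the template carries no comment saying so; at minimum I would add above the args `# --insecure: no TLS and no authentication; restrict access to these pods with a NetworkPolicy`, and longer term offer a values switch that mounts certificates and passes `--certs-dir` instead. Separately, the `datadir` entry under `volumes:` lists both `persistentVolumeClaim` and `hostPath` with `path: ""`; a volume takes a single source and `volumeClaimTemplates` already provides `datadir`, so that stanza looks like a leftover that should be removed.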
@@ -1,61 +1,61 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "default": "512Mi", "mutable": true - }, - "cpu": { - "type": "string", - "default": "100m", "mutable": true - } - } - }, - "limits": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "default": "512Mi", "mutable": true - }, - "cpu": { - "type": "string", - "default": "100m", "mutable": true - } - } - } - } - }, - "diskSize": { - "type": "string", - "default": "10Gi", "mutable": true, - "editDisabled": true - }, - "version": { - "default": "v25.1.2", - "mutable": true - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "database": { - "type": "string" - } - }, - "required": ["name", "database"] - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "default": "512Mi", "mutable": true + }, + "cpu": { + "type": "string", + "default": "100m", "mutable": true + } + } + }, + "limits": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "default": "512Mi", "mutable": true + }, + "cpu": { + "type": "string", + "default": "100m", "mutable": true + } + } + } + } + }, + "diskSize": { + "type": "string", + "default": "10Gi", "mutable": true, + "editDisabled": true + }, + "version": { + "default": "v25.1.2", + "mutable": true + }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "database": { + "type": "string" + } + }, + "required": ["name", "database"] + } + } + } } \ No newline at end of file 
diff --git a/charts/cockroachdb/values.yaml b/charts/cockroachdb/values.yaml index 94863895..c1b7c44a 100644 --- a/charts/cockroachdb/values.yaml +++ b/charts/cockroachdb/values.yaml @@ -1,11 +1,11 @@ -resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - -diskSize : 10Gi - +resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + +diskSize : 10Gi + version: v25.1.2 \ No newline at end of file diff --git a/charts/cron-job/Chart.yaml b/charts/cron-job/Chart.yaml index de3103e0..2cd3d690 100644 --- a/charts/cron-job/Chart.yaml +++ b/charts/cron-job/Chart.yaml @@ -1,9 +1,9 @@ -apiVersion: v1 -appVersion: "1.0" -description: Helm chart creates a cron-job, service, alerts along with serviceMonitor etc -name: cron-job -version: 0.0.17 -icon: "https://zop.dev/logo.png" -maintainers: - - name: ZopDev +apiVersion: v1 +appVersion: "1.0" +description: Helm chart creates a cron-job, service, alerts along with serviceMonitor etc +name: cron-job +version: 0.0.17 +icon: "https://zop.dev/logo.png" +maintainers: + - name: ZopDev url: zop.dev \ No newline at end of file diff --git a/charts/cron-job/README.md b/charts/cron-job/README.md index d698884b..1528614a 100644 --- a/charts/cron-job/README.md +++ b/charts/cron-job/README.md 
@@ -1,209 +1,209 @@ -# CronJob Helm Chart - -This Helm chart deploys a Kubernetes CronJob with configurable scheduling, resource management, and monitoring capabilities. It provides a flexible template for running scheduled tasks in your Kubernetes cluster. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - -## Get Helm Repository Info - -```console -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Helm Chart - -```console -helm install [RELEASE_NAME] zopdev/cron-job -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Helm Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Configuration - -### Basic Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `name` | string | Name of the cron job | `"hello-api"` | -| `image` | string | Docker container image with tag | `"zopdev/sample-go-api:latest"` | -| `schedule` | string | Cron schedule for job execution | `"0 */1 * * *"` | -| `suspend` | boolean | Whether to suspend the cron job | `false` | -| `concurrencyPolicy` | string | How to handle concurrent executions (`Allow`, `Forbid`, `Replace`) | `"Replace"` | -| `command` | string | Command to execute in the container | `""` | - -### Resource Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `minCPU` | string | Minimum CPU resources required | `"100m"` | -| `minMemory` | string | Minimum memory resources required | `"128M"` | -| `maxCPU` | string | Maximum CPU resources allowed | `"500m"` | -| `maxMemory` | string | Maximum 
memory resources allowed | `"512M"` | - -### Port Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `httpPort` | integer | HTTP port for the container | `8000` | -| `metricsPort` | integer | Metrics port for Prometheus scraping | `2121` | - -### Environment Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `env` | map | Environment variables for the container | `{"APP_NAME": "hello-api"}` | -| `envList` | list | Environment variables as a list | `[]` | -| `envFrom.configmaps` | list | List of ConfigMaps to mount as environment variables | `[]` | -| `envFrom.secrets` | list | List of Secrets to mount as environment variables | `[]` | - -### Volume Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `volumeMounts.configmaps` | list | List of ConfigMaps to mount | `[]` | -| `volumeMounts.secrets` | list | List of Secrets to mount | `[]` | -| `volumeMounts.pvc` | list | List of PVCs to mount | `[]` | - -### Alerting Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `alerts.standard.infra.cronjobFailedThreshold` | integer | Alert if cron job execution fails beyond threshold | `0` | - -## Example values.yaml - -```yaml -# Name of the cron -name: hello-api - -# Docker container image with tag -image: "zopdev/sample-go-api:latest" - -imagePullSecrets: -# - gcr-secrets -# - acr-secrets -# - ecr-secrets - -#cron JOB -schedule: "0 */1 * * *" -suspend: false -concurrencyPolicy: "Replace" -command: "" - -# Port on which container runs its service -httpPort: 8000 -metricsPort: 2121 - -# Resource allocations -minCPU: "100m" -minMemory: "128M" -maxCPU: "500m" -maxMemory: "512M" - -envFrom: - secrets: [] #List of secrets - configmaps: [] #List of Configmaps - -# All environment variables can be passed as a map -env: - APP_NAME: hello-api - -# 
Environment variables as a list (new format) -envList: -# - name: APP_NAME -# value: hello-api -# - name: DB_HOST -# value: localhost - - -appSecrets: false - -volumeMounts: - configmaps: - # - name: zopdev-configmap - # mountPath: /etc/env - secrets: - # - name: zopdev-secret - # mountPath: /etc/secret - pvc: -# - name: zopdev-volume -# mountPath: /etc/data - -alerts: - standard: - infra: - cronjobFailedThreshold: 0 -datastores: - mysql: - postgres: - redis: - surrealdb: - solr: - chromadb: - mariadb: - cockroachdb: - cassandra: - redisdistributed: - scylladb: - kafka: -``` - -## Features - -- Configurable cron schedule -- Resource limits and requests -- Environment variable management -- Volume mounting support -- Prometheus metrics integration -- Job failure monitoring -- Concurrency policy control -- Support for various data stores: - - MySQL - - PostgreSQL - - Redis - - Solr - - SurrealDB - - ChromaDB - - MariaDB - - CockroachDB - - Cassandra - - Redis Distributed - - ScyllaDB - - Kafka - -## Architecture - -The CronJob deployment includes: -- Kubernetes CronJob resource -- Configurable container resources -- Volume mounts for data persistence -- Environment variable configuration -- Metrics endpoint for monitoring -- Alert rules for job failures - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - -## License - -This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. - +# CronJob Helm Chart + +This Helm chart deploys a Kubernetes CronJob with configurable scheduling, resource management, and monitoring capabilities. It provides a flexible template for running scheduled tasks in your Kubernetes cluster. 
+ +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +## Get Helm Repository Info + +```console +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Helm Chart + +```console +helm install [RELEASE_NAME] zopdev/cron-job +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Helm Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Configuration + +### Basic Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `name` | string | Name of the cron job | `"hello-api"` | +| `image` | string | Docker container image with tag | `"zopdev/sample-go-api:latest"` | +| `schedule` | string | Cron schedule for job execution | `"0 */1 * * *"` | +| `suspend` | boolean | Whether to suspend the cron job | `false` | +| `concurrencyPolicy` | string | How to handle concurrent executions (`Allow`, `Forbid`, `Replace`) | `"Replace"` | +| `command` | string | Command to execute in the container | `""` | + +### Resource Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `minCPU` | string | Minimum CPU resources required | `"100m"` | +| `minMemory` | string | Minimum memory resources required | `"128M"` | +| `maxCPU` | string | Maximum CPU resources allowed | `"500m"` | +| `maxMemory` | string | Maximum memory resources allowed | `"512M"` | + +### Port Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `httpPort` | integer | HTTP port for the container | `8000` | +| `metricsPort` | integer | Metrics 
port for Prometheus scraping | `2121` | + +### Environment Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `env` | map | Environment variables for the container | `{"APP_NAME": "hello-api"}` | +| `envList` | list | Environment variables as a list | `[]` | +| `envFrom.configmaps` | list | List of ConfigMaps to mount as environment variables | `[]` | +| `envFrom.secrets` | list | List of Secrets to mount as environment variables | `[]` | + +### Volume Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `volumeMounts.configmaps` | list | List of ConfigMaps to mount | `[]` | +| `volumeMounts.secrets` | list | List of Secrets to mount | `[]` | +| `volumeMounts.pvc` | list | List of PVCs to mount | `[]` | + +### Alerting Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `alerts.standard.infra.cronjobFailedThreshold` | integer | Alert if cron job execution fails beyond threshold | `0` | + +## Example values.yaml + +```yaml +# Name of the cron +name: hello-api + +# Docker container image with tag +image: "zopdev/sample-go-api:latest" + +imagePullSecrets: +# - gcr-secrets +# - acr-secrets +# - ecr-secrets + +#cron JOB +schedule: "0 */1 * * *" +suspend: false +concurrencyPolicy: "Replace" +command: "" + +# Port on which container runs its service +httpPort: 8000 +metricsPort: 2121 + +# Resource allocations +minCPU: "100m" +minMemory: "128M" +maxCPU: "500m" +maxMemory: "512M" + +envFrom: + secrets: [] #List of secrets + configmaps: [] #List of Configmaps + +# All environment variables can be passed as a map +env: + APP_NAME: hello-api + +# Environment variables as a list (new format) +envList: +# - name: APP_NAME +# value: hello-api +# - name: DB_HOST +# value: localhost + + +appSecrets: false + +volumeMounts: + configmaps: + # - name: zopdev-configmap + # mountPath: /etc/env + secrets: + # - 
name: zopdev-secret + # mountPath: /etc/secret + pvc: +# - name: zopdev-volume +# mountPath: /etc/data + +alerts: + standard: + infra: + cronjobFailedThreshold: 0 +datastores: + mysql: + postgres: + redis: + surrealdb: + solr: + chromadb: + mariadb: + cockroachdb: + cassandra: + redisdistributed: + scylladb: + kafka: +``` + +## Features + +- Configurable cron schedule +- Resource limits and requests +- Environment variable management +- Volume mounting support +- Prometheus metrics integration +- Job failure monitoring +- Concurrency policy control +- Support for various data stores: + - MySQL + - PostgreSQL + - Redis + - Solr + - SurrealDB + - ChromaDB + - MariaDB + - CockroachDB + - Cassandra + - Redis Distributed + - ScyllaDB + - Kafka + +## Architecture + +The CronJob deployment includes: +- Kubernetes CronJob resource +- Configurable container resources +- Volume mounts for data persistence +- Environment variable configuration +- Metrics endpoint for monitoring +- Alert rules for job failures + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. + diff --git a/charts/cron-job/templates/alerts.yaml b/charts/cron-job/templates/alerts.yaml index 3d08d3b1..8dbbcba7 100644 --- a/charts/cron-job/templates/alerts.yaml +++ b/charts/cron-job/templates/alerts.yaml 
@@ -1,23 +1,23 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus - name: {{ .Values.name }} -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Values.name }}.rules - rules: - # Alert if the cron job failed. - - alert: {{ snakecase .Values.name }}_cron_job_failed - annotations: - description: "CronJob {{ .Values.name }} failed to complete in {{.Release.Name}} namespace." - expr: kube_job_status_failed{namespace="{{ .Release.Namespace }}",job_name=~"{{ .Values.name }}-.*"} > {{.Values.alerts.standard.infra.cronjobFailedThreshold}} - labels: - severity: critical - servicealert: "true" - service: {{ .Values.name }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus + name: {{ .Values.name }} +spec: + groups: + - name: {{ .Release.Namespace }}.{{ .Values.name }}.rules + rules: + # Alert if the cron job failed. + - alert: {{ snakecase .Values.name }}_cron_job_failed + annotations: + description: "CronJob {{ .Values.name }} failed to complete in {{.Release.Name}} namespace." + expr: kube_job_status_failed{namespace="{{ .Release.Namespace }}",job_name=~"{{ .Values.name }}-.*"} > {{.Values.alerts.standard.infra.cronjobFailedThreshold}} + labels: + severity: critical + servicealert: "true" + service: {{ .Values.name }} namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/cron-job/templates/cronJob.yaml b/charts/cron-job/templates/cronJob.yaml index a697ed6b..d7c05a0a 100644 --- a/charts/cron-job/templates/cronJob.yaml +++ b/charts/cron-job/templates/cronJob.yaml 
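Review bot: The alert `description` interpolates `{{.Release.Name}}` in front of the word "namespace", so the message names the release rather than the namespace that `expr` filters on; `description: "CronJob {{ .Values.name }} failed to complete in {{ .Release.Namespace }} namespace."` would match the query. In `expr`, `{{ .Values.name }}` is also placed unescaped inside the `job_name=~"…-.*"` regex matcher, so a name containing a regex metacharacter such as `.` can match jobs other than this one. A short comment above the rule that `cronjobFailedThreshold` is compared with `>`, so `0` fires on the first failed job, would help whoever tunes it.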
@@ -1,226 +1,226 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ .Values.name}} - labels: - app: {{ .Values.name }} - annotations: - configmap.reloader.stakater.com/reload: "{{ .Values.name }}" -spec: - schedule: {{ .Values.schedule | quote }} - suspend: {{ .Values.suspend }} - concurrencyPolicy: {{ .Values.concurrencyPolicy }} - failedJobsHistoryLimit: 1 - successfulJobsHistoryLimit: 2 - jobTemplate: - spec: - backoffLimit: 2 - template: - metadata: - name: {{ .Values.name}} - labels: - app: {{ .Values.name }} - spec: - {{- if .Values.imagePullSecrets}} - imagePullSecrets: - {{- range $v := .Values.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.appSecrets }} - serviceAccountName: secrets-account - {{- end }} - volumes: - {{- if .Values.volumeMounts }} - {{- range $k,$v := .Values.volumeMounts.configmaps }} - - name: {{ $v.name }} - configMap: - name: {{ $v.name }} - {{- end }} - {{- range $k,$v := .Values.volumeMounts.secrets }} - - name: {{ $v.name }} - secret: - secretName: {{ $v.name }} - {{- end }} - {{- range $k,$v := .Values.volumeMounts.pvc }} - - name: {{ $v.name }} - persistentVolumeClaim: - claimName: {{ $v.name }} - {{- end }} - {{- end }} - {{- if .Values.appSecrets }} - - name: app-secrets - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: "{{ .Values.name }}-secrets-application" - {{- end }} - containers: - - name: {{ .Values.name }} - image: {{ .Values.image }} - {{- if .Values.command }} - command: {{ tpl (toJson .Values.command) . 
}} - {{- end}} - imagePullPolicy: IfNotPresent - ports: - {{- if and .Values.metricsPort (ne (int .Values.metricsPort) 0) }} - - name: metrics-port - containerPort: {{ .Values.metricsPort }} - {{- end }} - envFrom: - {{- range $i, $name := .Values.envFrom.configmaps }} - - configMapRef: - name: {{ $name }} - {{- end }} - {{- range $i, $name := .Values.envFrom.secrets }} - - secretRef: - name: {{ $name }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.mysql }} - {{- range $i, $k := .Values.datastores.mysql }} - - configMapRef: - name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-mysql-configmap - - secretRef: - name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-mysql-database-secret - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.postgres }} - {{- range $i, $k := .Values.datastores.postgres }} - - configMapRef: - name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-postgres-configmap - - secretRef: - name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-postgres-database-secret - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.redis }} - {{- range $i, $k := .Values.datastores.redis }} - - configMapRef: - name: {{ $k.datastore }}-redis-service-configmap - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.solr }} - {{- range $i, $k := .Values.datastores.solr }} - - configMapRef: - name: {{ $k.datastore }}-solr-configmap - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.surrealdb }} - {{- range $i, $k := .Values.datastores.surrealdb }} - - configMapRef: - name: {{ $k.datastore }}-surrealdb-service-configmap - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.opentsdb }} - {{- range $i, $k := .Values.datastores.opentsdb }} - - configMapRef: - name: {{ $k.datastore }}-opentsdb-configmap - {{- end }} - {{- end }} - {{- 
if and .Values.datastores .Values.datastores.dgraph }} - {{- range $i, $k := .Values.datastores.dgraph }} - - configMapRef: - name: {{ $k.datastore }}-dgraph-configmap - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.chromadb }} - {{- range $i, $k := .Values.datastores.chromadb }} - - configMapRef: - name: {{ $k.datastore }}-chromadb-configmap - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.mariadb }} - {{- range $i, $k := .Values.datastores.mariadb }} - - configMapRef: - name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-mariadb-configmap - - secretRef: - name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-mariadb-database-secret - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.cockroachdb }} - {{- range $i, $k := .Values.datastores.cockroachdb }} - - configMapRef: - name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-cockroachdb-configmap - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.cassandra }} - {{- range $i, $k := .Values.datastores.cassandra }} - - configMapRef: - name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-cassandra-configmap - - secretRef: - name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-cassandra-database-secret - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.redisdistributed }} - {{- range $i, $k := .Values.datastores.redisdistributed }} - - configMapRef: - name: {{ $k.datastore }}-redis-values-configmap - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.scylladb }} - {{- range $i, $k := .Values.datastores.scylladb }} - - configMapRef: - name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-scylladb-configmap - - secretRef: - name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-scylladb-database-secret - {{- end }} - {{- end }} - {{- if and .Values.datastores .Values.datastores.kafka }} - {{- range 
$i, $k := .Values.datastores.kafka }} - - configMapRef: - name: {{ $k.datastore }}-kafka-configmap - {{- end }} - {{- end }} - env: - {{- range $k,$v := .Values.env }} - {{- if ne (toString $v) ""}} - - name: {{ $k | quote }} - value: {{ $v | quote }} - {{- end }} - {{- end }} - {{- if .Values.envList }} - {{- toYaml .Values.envList | nindent 16 }} - {{- end }} - volumeMounts: - {{- if .Values.volumeMounts }} - {{- range $k,$v := .Values.volumeMounts.configmaps }} - - name: {{ $v.name }} - mountPath: {{ $v.mountPath }} - {{- if ne $v.subPath "" }} - subPath: {{ $v.subPath }} - {{- end }} - {{- end }} - {{- range $k,$v := .Values.volumeMounts.secrets }} - - name: {{ $v.name }} - mountPath: {{ $v.mountPath }} - {{- if ne $v.subPath "" }} - subPath: {{ $v.subPath }} - {{- end }} - {{- end }} - {{- range $k,$v := .Values.volumeMounts.pvc }} - - name: {{ $v.name }} - mountPath: {{ $v.mountPath }} - {{- if ne $v.subPath "" }} - subPath: {{ $v.subPath }} - {{- end }} - {{- end }} - {{- end }} - # Volume mount is required for the secret to sync with kubernetes secret - {{- if .Values.appSecrets }} - - name: app-secrets - mountPath: "/mnt/secrets-store" - readOnly: true - {{- end }} - resources: - requests: - memory: {{.Values.minMemory | quote }} - cpu: {{.Values.minCPU | quote }} - limits: - {{ if ne .Values.maxMemory "" }} - memory: {{.Values.maxMemory| quote }} - {{ end }} - {{ if ne .Values.maxCPU "" }} - cpu: {{.Values.maxCPU | quote }} - {{ end }} - restartPolicy: Never +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ .Values.name}} + labels: + app: {{ .Values.name }} + annotations: + configmap.reloader.stakater.com/reload: "{{ .Values.name }}" +spec: + schedule: {{ .Values.schedule | quote }} + suspend: {{ .Values.suspend }} + concurrencyPolicy: {{ .Values.concurrencyPolicy }} + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 2 + jobTemplate: + spec: + backoffLimit: 2 + template: + metadata: + name: {{ .Values.name}} + labels: + app: {{ 
.Values.name }} + spec: + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- range $v := .Values.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if .Values.appSecrets }} + serviceAccountName: secrets-account + {{- end }} + volumes: + {{- if .Values.volumeMounts }} + {{- range $k,$v := .Values.volumeMounts.configmaps }} + - name: {{ $v.name }} + configMap: + name: {{ $v.name }} + {{- end }} + {{- range $k,$v := .Values.volumeMounts.secrets }} + - name: {{ $v.name }} + secret: + secretName: {{ $v.name }} + {{- end }} + {{- range $k,$v := .Values.volumeMounts.pvc }} + - name: {{ $v.name }} + persistentVolumeClaim: + claimName: {{ $v.name }} + {{- end }} + {{- end }} + {{- if .Values.appSecrets }} + - name: app-secrets + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "{{ .Values.name }}-secrets-application" + {{- end }} + containers: + - name: {{ .Values.name }} + image: {{ .Values.image }} + {{- if .Values.command }} + command: {{ tpl (toJson .Values.command) . 
}} + {{- end}} + imagePullPolicy: IfNotPresent + ports: + {{- if and .Values.metricsPort (ne (int .Values.metricsPort) 0) }} + - name: metrics-port + containerPort: {{ .Values.metricsPort }} + {{- end }} + envFrom: + {{- range $i, $name := .Values.envFrom.configmaps }} + - configMapRef: + name: {{ $name }} + {{- end }} + {{- range $i, $name := .Values.envFrom.secrets }} + - secretRef: + name: {{ $name }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.mysql }} + {{- range $i, $k := .Values.datastores.mysql }} + - configMapRef: + name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-mysql-configmap + - secretRef: + name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-mysql-database-secret + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.postgres }} + {{- range $i, $k := .Values.datastores.postgres }} + - configMapRef: + name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-postgres-configmap + - secretRef: + name: {{ $k.datastore }}-{{ replace "_" "-" $k.database }}-{{ $.Release.Name}}-postgres-database-secret + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.redis }} + {{- range $i, $k := .Values.datastores.redis }} + - configMapRef: + name: {{ $k.datastore }}-redis-service-configmap + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.solr }} + {{- range $i, $k := .Values.datastores.solr }} + - configMapRef: + name: {{ $k.datastore }}-solr-configmap + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.surrealdb }} + {{- range $i, $k := .Values.datastores.surrealdb }} + - configMapRef: + name: {{ $k.datastore }}-surrealdb-service-configmap + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.opentsdb }} + {{- range $i, $k := .Values.datastores.opentsdb }} + - configMapRef: + name: {{ $k.datastore }}-opentsdb-configmap + {{- end }} + {{- end }} + {{- 
if and .Values.datastores .Values.datastores.dgraph }} + {{- range $i, $k := .Values.datastores.dgraph }} + - configMapRef: + name: {{ $k.datastore }}-dgraph-configmap + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.chromadb }} + {{- range $i, $k := .Values.datastores.chromadb }} + - configMapRef: + name: {{ $k.datastore }}-chromadb-configmap + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.mariadb }} + {{- range $i, $k := .Values.datastores.mariadb }} + - configMapRef: + name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-mariadb-configmap + - secretRef: + name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-mariadb-database-secret + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.cockroachdb }} + {{- range $i, $k := .Values.datastores.cockroachdb }} + - configMapRef: + name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-cockroachdb-configmap + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.cassandra }} + {{- range $i, $k := .Values.datastores.cassandra }} + - configMapRef: + name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-cassandra-configmap + - secretRef: + name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-cassandra-database-secret + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.redisdistributed }} + {{- range $i, $k := .Values.datastores.redisdistributed }} + - configMapRef: + name: {{ $k.datastore }}-redis-values-configmap + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.scylladb }} + {{- range $i, $k := .Values.datastores.scylladb }} + - configMapRef: + name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-scylladb-configmap + - secretRef: + name: {{ $k.datastore }}-{{ $k.database }}-{{ $.Release.Name}}-scylladb-database-secret + {{- end }} + {{- end }} + {{- if and .Values.datastores .Values.datastores.kafka }} + {{- range 
$i, $k := .Values.datastores.kafka }} + - configMapRef: + name: {{ $k.datastore }}-kafka-configmap + {{- end }} + {{- end }} + env: + {{- range $k,$v := .Values.env }} + {{- if ne (toString $v) ""}} + - name: {{ $k | quote }} + value: {{ $v | quote }} + {{- end }} + {{- end }} + {{- if .Values.envList }} + {{- toYaml .Values.envList | nindent 16 }} + {{- end }} + volumeMounts: + {{- if .Values.volumeMounts }} + {{- range $k,$v := .Values.volumeMounts.configmaps }} + - name: {{ $v.name }} + mountPath: {{ $v.mountPath }} + {{- if ne $v.subPath "" }} + subPath: {{ $v.subPath }} + {{- end }} + {{- end }} + {{- range $k,$v := .Values.volumeMounts.secrets }} + - name: {{ $v.name }} + mountPath: {{ $v.mountPath }} + {{- if ne $v.subPath "" }} + subPath: {{ $v.subPath }} + {{- end }} + {{- end }} + {{- range $k,$v := .Values.volumeMounts.pvc }} + - name: {{ $v.name }} + mountPath: {{ $v.mountPath }} + {{- if ne $v.subPath "" }} + subPath: {{ $v.subPath }} + {{- end }} + {{- end }} + {{- end }} + # Volume mount is required for the secret to sync with kubernetes secret + {{- if .Values.appSecrets }} + - name: app-secrets + mountPath: "/mnt/secrets-store" + readOnly: true + {{- end }} + resources: + requests: + memory: {{.Values.minMemory | quote }} + cpu: {{.Values.minCPU | quote }} + limits: + {{ if ne .Values.maxMemory "" }} + memory: {{.Values.maxMemory| quote }} + {{ end }} + {{ if ne .Values.maxCPU "" }} + cpu: {{.Values.maxCPU | quote }} + {{ end }} + restartPolicy: Never --- \ No newline at end of file diff --git a/charts/cron-job/values.yaml b/charts/cron-job/values.yaml index 2d1b0186..9f18463c 100644 --- a/charts/cron-job/values.yaml +++ b/charts/cron-job/values.yaml 
@@ -1,73 +1,73 @@ -# Name of the cron -name: hello-api - -# Docker container image with tag -image: "zopdev/sample-go-api:latest" - -imagePullSecrets: -# - gcr-secrets -# - acr-secrets -# - ecr-secrets - -#cron JOB -schedule: "0 */1 * * *" -suspend: false -concurrencyPolicy: "Replace" -command: "" - -# Port on which container runs its service -httpPort: 8000 -metricsPort: 2121 - -# Resource allocations -minCPU: "100m" -minMemory: "128M" -maxCPU: "500m" -maxMemory: "512M" - -envFrom: - secrets: [] #List of secrets - configmaps: [] #List of Configmaps - -# All environment variables can be passed as a map -env: - APP_NAME: hello-api - -# Environment variables as a list (new format) -envList: - # - name: APP_NAME - # value: hello-api - # - name: DB_HOST - # value: localhost - - -appSecrets: false - -volumeMounts: - configmaps: - # - name: zopdev-configmap - # mountPath: /etc/env - secrets: - # - name: zopdev-secret - # mountPath: /etc/secret - pvc: -# - name: zopdev-volume -# mountPath: /etc/data - -alerts: - standard: - infra: - cronjobFailedThreshold: 0 -datastores: - mysql: - postgres: - redis: - surrealdb: - solr: - chromadb: - mariadb: - cockroachdb: - cassandra: - redisdistributed: - scylladb: +# Name of the cron +name: hello-api + +# Docker container image with tag +image: "zopdev/sample-go-api:latest" + +imagePullSecrets: +# - gcr-secrets +# - acr-secrets +# - ecr-secrets + +#cron JOB +schedule: "0 */1 * * *" +suspend: false +concurrencyPolicy: "Replace" +command: "" + +# Port on which container runs its service +httpPort: 8000 +metricsPort: 2121 + +# Resource allocations +minCPU: "100m" +minMemory: "128M" +maxCPU: "500m" +maxMemory: "512M" + +envFrom: + secrets: [] #List of secrets + configmaps: [] #List of Configmaps + +# All environment variables can be passed as a map +env: + APP_NAME: hello-api + +# Environment variables as a list (new format) +envList: + # - name: APP_NAME + # value: hello-api + # - name: DB_HOST + # value: localhost + + +appSecrets: 
false + +volumeMounts: + configmaps: + # - name: zopdev-configmap + # mountPath: /etc/env + secrets: + # - name: zopdev-secret + # mountPath: /etc/secret + pvc: +# - name: zopdev-volume +# mountPath: /etc/data + +alerts: + standard: + infra: + cronjobFailedThreshold: 0 +datastores: + mysql: + postgres: + redis: + surrealdb: + solr: + chromadb: + mariadb: + cockroachdb: + cassandra: + redisdistributed: + scylladb: kafka: \ No newline at end of file diff --git a/charts/dgraph/Chart.yaml b/charts/dgraph/Chart.yaml index 7e4a3d52..08288be2 100644 --- a/charts/dgraph/Chart.yaml +++ b/charts/dgraph/Chart.yaml @@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for deploying dgraph datastore -name: dgraph -version: 0.0.3 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/b62a941f-db26-4b89-a1c0-6758a616c028-dgraph.png" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for deploying dgraph datastore +name: dgraph +version: 0.0.3 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/b62a941f-db26-4b89-a1c0-6758a616c028-dgraph.png" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/dgraph/Readme.md b/charts/dgraph/Readme.md index e8fbe020..e2bf564c 100644 --- a/charts/dgraph/Readme.md +++ b/charts/dgraph/Readme.md 
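Review bot: The default `image: "zopdev/sample-go-api:latest"` near the top of this values file uses a mutable tag, so what a CronJob run executes depends on whatever the registry serves at pull time and cannot be reproduced or audited from the chart. The cron-job template hunk just before this file sets `imagePullPolicy: IfNotPresent`, which also lets a node keep running a stale cached `latest` while other nodes pull a newer one. Pinning the default to a release tag and digest, e.g. `image: "zopdev/sample-go-api:<version>@sha256:<digest>"` (placeholders), would make the deployed artifact explicit. A short comment above the key saying that production installs must override it with a pinned reference would help as well.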
@@ -1,172 +1,172 @@ -# Dgraph Helm Chart - -This Helm chart deploys a Dgraph cluster on Kubernetes, including Dgraph Zero and Dgraph Alpha components. Below is a detailed guide to the configuration options available. - ---- - -## Prerequisites -- Kubernetes 1.18+ -- Helm 3.0+ - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the dgraph Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/dgraph -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-dgraph zopdev/dgraph -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the dgraph Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-dgraph -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration -The table below outlines the essential configuration options. For a complete list, refer to the `values.yaml` file. - -### Helm Chart Configuration -| Input | Type | Description | Default | -|-------------------------|--------|-----------------------------------------|-----------------| -| `global.image.repository`| String | The Dgraph Docker image repository. | `dgraph/dgraph`| -| `global.image.tag` | String | The Dgraph image tag. | `v23.0.0` | -| `global.debug` | Bool | Enables debug logging for Dgraph. | `false` | -| `global.serviceAccount` | String | Service account for Dgraph pods. 
| `default` | - ---- - -### Zero Configuration -| Input | Type | Description | Default | -|----------------------------------|--------|-------------------------------------------------------|-----------------| -| `zero.replicas` | Int | Number of Dgraph Zero replicas. | `3` | -| `zero.resources.requests.cpu` | String | CPU request for Zero pods. | `250m` | -| `zero.resources.requests.memory` | String | Memory request for Zero pods. | `512Mi` | -| `zero.persistence.enabled` | Bool | Enables persistence for Zero pods. | `true` | -| `zero.persistence.storageClass` | String | Storage class for Zero persistence. | `""` | -| `zero.service.type` | String | Service type for Zero pods. | `ClusterIP` | -| `zero.tls.enabled` | Bool | Enables TLS for Zero communication. | `false` | - ---- - -### Alpha Configuration -| Input | Type | Description | Default | -|----------------------------------|--------|-------------------------------------------------------|-----------------| -| `alpha.replicas` | Int | Number of Dgraph Alpha replicas. | `3` | -| `alpha.resources.requests.cpu` | String | CPU request for Alpha pods. | `500m` | -| `alpha.resources.requests.memory`| String | Memory request for Alpha pods. | `1Gi` | -| `alpha.persistence.enabled` | Bool | Enables persistence for Alpha pods. | `true` | -| `alpha.persistence.storageClass` | String | Storage class for Alpha persistence. | `""` | -| `alpha.acl.enabled` | Bool | Enables ACL for securing Alpha endpoints. | `false` | -| `alpha.encryption.enabled` | Bool | Enables encryption at rest for Alpha data. | `false` | -| `alpha.service.type` | String | Service type for Alpha pods. | `ClusterIP` | -| `alpha.tls.enabled` | Bool | Enables TLS for Alpha communication. 
| `false` | - ---- - -## Example `values.yaml` -```yaml -global: - image: - repository: dgraph/dgraph - tag: v23.0.0 - debug: false - serviceAccount: default - -zero: - replicas: 3 - resources: - requests: - cpu: 250m - memory: 512Mi - persistence: - enabled: true - storageClass: "" - service: - type: ClusterIP - tls: - enabled: false - -alpha: - replicas: 3 - resources: - requests: - cpu: 500m - memory: 1Gi - persistence: - enabled: true - storageClass: "" - acl: - enabled: false - encryption: - enabled: false - service: - type: ClusterIP - tls: - enabled: false -``` - ---- - -## Features -- Simplifies Dgraph cluster deployment on Kubernetes. -- Configurable Dgraph Zero and Dgraph Alpha replicas. -- Supports TLS, encryption, and ACL for secure deployments. -- Persistent Volume support for data durability. -- Customizable resource requests and limits for scalability. - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Dgraph Helm Chart + +This Helm chart deploys a Dgraph cluster on Kubernetes, including Dgraph Zero and Dgraph Alpha components. Below is a detailed guide to the configuration options available. + +--- + +## Prerequisites +- Kubernetes 1.18+ +- Helm 3.0+ + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the dgraph Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/dgraph +``` + +Replace `[RELEASE_NAME]` with your desired release name. 
Example: + +```bash +helm install my-dgraph zopdev/dgraph +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the dgraph Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-dgraph +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration +The table below outlines the essential configuration options. For a complete list, refer to the `values.yaml` file. + +### Helm Chart Configuration +| Input | Type | Description | Default | +|-------------------------|--------|-----------------------------------------|-----------------| +| `global.image.repository`| String | The Dgraph Docker image repository. | `dgraph/dgraph`| +| `global.image.tag` | String | The Dgraph image tag. | `v23.0.0` | +| `global.debug` | Bool | Enables debug logging for Dgraph. | `false` | +| `global.serviceAccount` | String | Service account for Dgraph pods. | `default` | + +--- + +### Zero Configuration +| Input | Type | Description | Default | +|----------------------------------|--------|-------------------------------------------------------|-----------------| +| `zero.replicas` | Int | Number of Dgraph Zero replicas. | `3` | +| `zero.resources.requests.cpu` | String | CPU request for Zero pods. | `250m` | +| `zero.resources.requests.memory` | String | Memory request for Zero pods. | `512Mi` | +| `zero.persistence.enabled` | Bool | Enables persistence for Zero pods. | `true` | +| `zero.persistence.storageClass` | String | Storage class for Zero persistence. | `""` | +| `zero.service.type` | String | Service type for Zero pods. | `ClusterIP` | +| `zero.tls.enabled` | Bool | Enables TLS for Zero communication. 
| `false` | + +--- + +### Alpha Configuration +| Input | Type | Description | Default | +|----------------------------------|--------|-------------------------------------------------------|-----------------| +| `alpha.replicas` | Int | Number of Dgraph Alpha replicas. | `3` | +| `alpha.resources.requests.cpu` | String | CPU request for Alpha pods. | `500m` | +| `alpha.resources.requests.memory`| String | Memory request for Alpha pods. | `1Gi` | +| `alpha.persistence.enabled` | Bool | Enables persistence for Alpha pods. | `true` | +| `alpha.persistence.storageClass` | String | Storage class for Alpha persistence. | `""` | +| `alpha.acl.enabled` | Bool | Enables ACL for securing Alpha endpoints. | `false` | +| `alpha.encryption.enabled` | Bool | Enables encryption at rest for Alpha data. | `false` | +| `alpha.service.type` | String | Service type for Alpha pods. | `ClusterIP` | +| `alpha.tls.enabled` | Bool | Enables TLS for Alpha communication. | `false` | + +--- + +## Example `values.yaml` +```yaml +global: + image: + repository: dgraph/dgraph + tag: v23.0.0 + debug: false + serviceAccount: default + +zero: + replicas: 3 + resources: + requests: + cpu: 250m + memory: 512Mi + persistence: + enabled: true + storageClass: "" + service: + type: ClusterIP + tls: + enabled: false + +alpha: + replicas: 3 + resources: + requests: + cpu: 500m + memory: 1Gi + persistence: + enabled: true + storageClass: "" + acl: + enabled: false + encryption: + enabled: false + service: + type: ClusterIP + tls: + enabled: false +``` + +--- + +## Features +- Simplifies Dgraph cluster deployment on Kubernetes. +- Configurable Dgraph Zero and Dgraph Alpha replicas. +- Supports TLS, encryption, and ACL for secure deployments. +- Persistent Volume support for data durability. +- Customizable resource requests and limits for scalability. + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. 
Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/dgraph/templates/_helpers.tpl b/charts/dgraph/templates/_helpers.tpl index 074f8d98..67a94184 100644 --- a/charts/dgraph/templates/_helpers.tpl +++ b/charts/dgraph/templates/_helpers.tpl 
@@ -1,159 +1,159 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "dgraph.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 24 -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "dgraph.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 24 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 24 -}} -{{- end -}} -{{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "dgraph.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified data name. -*/}} -{{- define "dgraph.zero.fullname" -}} -{{ template "dgraph.fullname" . }}-zero -{{- end -}} - -{{/* -Create a default fully qualified data name. -*/}} -{{- define "dgraph.backups.fullname" -}} -{{ template "dgraph.fullname" . }}-{{ .Values.backups.name }} -{{- end -}} - -{{/* -Create a semVer/calVer version from image.tag so that it can be safely use in -version comparisions used to toggle features or behavior. 
-*/}} -{{- define "dgraph.version" -}} -{{- $safeVersion := "v24.0.5" -}} -{{- if (eq $safeVersion "shuri") -}} - {{- $safeVersion = "v20.07.1" -}} -{{- else if (regexMatch "^[^v].*" $safeVersion) -}} - {{- $safeVersion = "v50.0.0" -}} -{{- end -}} -{{- printf "%s" $safeVersion -}} -{{- end -}} - - -{{/* -Return the backups image name -*/}} -{{- define "dgraph.backups.image" -}} -{{- $registryName := .Values.backups.image.registry -}} -{{- $repositoryName := .Values.backups.image.repository -}} -{{- $tag := .Values.backups.image.tag | toString -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Return the ratel image name -*/}} -{{- define "dgraph.ratel.image" -}} -{{- $registryName := .Values.ratel.image.registry -}} -{{- $repositoryName := .Values.ratel.image.repository -}} -{{- $tag := .Values.ratel.image.tag | toString -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - - -{{/* -Return empty string if minio keys are not defined -*/}} -{{- define "dgraph.backups.keys.minio.enabled" -}} -{{- $minioEnabled := "" -}} -{{- $backupsEnabled := or .Values.backups.full.enabled .Values.backups.incremental.enabled }} -{{- if $backupsEnabled -}} - {{- if .Values.backups.keys -}} - {{- if .Values.backups.keys.minio -}} - {{- if and .Values.backups.keys.minio.access .Values.backups.keys.minio.secret -}} - {{- $minioEnabled = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- printf "%s" $minioEnabled -}} -{{- end -}} - -{{/* -Return empty string if s3 keys are not defined -*/}} -{{- define "dgraph.backups.keys.s3.enabled" -}} -{{- $s3Enabled := "" -}} -{{- $backupsEnabled := or .Values.backups.full.enabled .Values.backups.incremental.enabled }} -{{- if $backupsEnabled -}} - {{- if .Values.backups.keys -}} - {{- if .Values.backups.keys.s3 -}} - {{- if and .Values.backups.keys.s3.access .Values.backups.keys.s3.secret -}} - {{- $s3Enabled = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- 
end -}} -{{- printf "%s" $s3Enabled -}} -{{- end -}} - -{{/* -Return the initContainers image name -*/}} -{{- define "dgraph.initContainers.init.image" -}} -{{- $registryName := .Values.alpha.initContainers.init.image.registry -}} -{{- $repositoryName := .Values.alpha.initContainers.init.image.repository -}} -{{- $tag := .Values.alpha.initContainers.init.image.tag | toString -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "dgraph.image" -}} -{{- $registryName := "docker.io" -}} -{{- $repositoryName := "dgraph/dgraph" -}} -{{- $tag := "v24.0.5" -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Create a default fully qualified alpha name. -*/}} -{{- define "dgraph.alpha.fullname" -}} -{{ template "dgraph.fullname" . }}-alpha -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "dgraph.serviceAccountName" -}} -{{- default (include "dgraph.fullname" .) "dgraph" }} -{{- end }} - -{{/* -Create a default fully qualified ratel name. -*/}} -{{- define "dgraph.ratel.fullname" -}} -{{ template "dgraph.fullname" . }}-{{ .Values.ratel.name }} -{{- end -}} - -{{/* -Allow overriding namespace -*/}} -{{- define "dgraph.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "dgraph.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 24 -}} +{{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
+*/}} +{{- define "dgraph.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 24 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 24 -}} +{{- end -}} +{{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dgraph.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified data name. +*/}} +{{- define "dgraph.zero.fullname" -}} +{{ template "dgraph.fullname" . }}-zero +{{- end -}} + +{{/* +Create a default fully qualified data name. +*/}} +{{- define "dgraph.backups.fullname" -}} +{{ template "dgraph.fullname" . }}-{{ .Values.backups.name }} +{{- end -}} + +{{/* +Create a semVer/calVer version from image.tag so that it can be safely use in +version comparisions used to toggle features or behavior. +*/}} +{{- define "dgraph.version" -}} +{{- $safeVersion := "v24.0.5" -}} +{{- if (eq $safeVersion "shuri") -}} + {{- $safeVersion = "v20.07.1" -}} +{{- else if (regexMatch "^[^v].*" $safeVersion) -}} + {{- $safeVersion = "v50.0.0" -}} +{{- end -}} +{{- printf "%s" $safeVersion -}} +{{- end -}} + + +{{/* +Return the backups image name +*/}} +{{- define "dgraph.backups.image" -}} +{{- $registryName := .Values.backups.image.registry -}} +{{- $repositoryName := .Values.backups.image.repository -}} +{{- $tag := .Values.backups.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Return the ratel image name +*/}} +{{- define "dgraph.ratel.image" -}} +{{- $registryName := .Values.ratel.image.registry -}} +{{- $repositoryName := .Values.ratel.image.repository -}} +{{- $tag := .Values.ratel.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + + +{{/* +Return empty string if minio keys are not defined +*/}} 
+{{- define "dgraph.backups.keys.minio.enabled" -}} +{{- $minioEnabled := "" -}} +{{- $backupsEnabled := or .Values.backups.full.enabled .Values.backups.incremental.enabled }} +{{- if $backupsEnabled -}} + {{- if .Values.backups.keys -}} + {{- if .Values.backups.keys.minio -}} + {{- if and .Values.backups.keys.minio.access .Values.backups.keys.minio.secret -}} + {{- $minioEnabled = true -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- printf "%s" $minioEnabled -}} +{{- end -}} + +{{/* +Return empty string if s3 keys are not defined +*/}} +{{- define "dgraph.backups.keys.s3.enabled" -}} +{{- $s3Enabled := "" -}} +{{- $backupsEnabled := or .Values.backups.full.enabled .Values.backups.incremental.enabled }} +{{- if $backupsEnabled -}} + {{- if .Values.backups.keys -}} + {{- if .Values.backups.keys.s3 -}} + {{- if and .Values.backups.keys.s3.access .Values.backups.keys.s3.secret -}} + {{- $s3Enabled = true -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- printf "%s" $s3Enabled -}} +{{- end -}} + +{{/* +Return the initContainers image name +*/}} +{{- define "dgraph.initContainers.init.image" -}} +{{- $registryName := .Values.alpha.initContainers.init.image.registry -}} +{{- $repositoryName := .Values.alpha.initContainers.init.image.repository -}} +{{- $tag := .Values.alpha.initContainers.init.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "dgraph.image" -}} +{{- $registryName := "docker.io" -}} +{{- $repositoryName := "dgraph/dgraph" -}} +{{- $tag := "v24.0.5" -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Create a default fully qualified alpha name. +*/}} +{{- define "dgraph.alpha.fullname" -}} +{{ template "dgraph.fullname" . 
}}-alpha +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "dgraph.serviceAccountName" -}} +{{- default (include "dgraph.fullname" .) "dgraph" }} +{{- end }} + +{{/* +Create a default fully qualified ratel name. +*/}} +{{- define "dgraph.ratel.fullname" -}} +{{ template "dgraph.fullname" . }}-{{ .Values.ratel.name }} +{{- end -}} + +{{/* +Allow overriding namespace +*/}} +{{- define "dgraph.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride -}} +{{- end -}} diff --git a/charts/dgraph/templates/alpha/statefulset.yaml b/charts/dgraph/templates/alpha/statefulset.yaml index 46cb2209..2e473b78 100644 --- a/charts/dgraph/templates/alpha/statefulset.yaml +++ b/charts/dgraph/templates/alpha/statefulset.yaml 
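Review bot: In `dgraph.serviceAccountName`, `default (include "dgraph.fullname" .) "dgraph"` always renders `dgraph`, because Sprig's `default` returns its last argument whenever that argument is non-empty; the fullname fallback is never used, and every release in a namespace resolves to the same service account and whatever RBAC is bound to it. If a per-release account is intended, the second operand should be a values key, e.g. `{{- default (include "dgraph.fullname" .) .Values.<serviceAccountNameKey> -}}` (placeholder key); if a fixed name is intended, a comment saying so would remove the misleading fallback. In the same hunk, `dgraph.version` and `dgraph.image` hard-code `v24.0.5`, so the `shuri` and non-`v` branches are unreachable and the image cannot be pinned by digest or patched through values, which contradicts the "from image.tag" comment above `dgraph.version`.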
@@ -1,138 +1,138 @@ -{{- /* Generate comma-separated list of Zeros */}} -{{- define "multi_zeros" -}} - {{- $zeroFullName := include "dgraph.zero.fullname" . -}} - {{- $max := 1 -}} - {{- $safeVersion := include "dgraph.version" . -}} - {{- /* Reset $max to 1 if multiple zeros not supported by dgraph version */}} - {{- if semverCompare "< 1.2.3 || 20.03.0" $safeVersion -}} - {{- $max = 1 -}} - {{- end -}} - - {{- $domainSuffix := ".cluster.local" -}} - - {{- /* Create comma-separated list of zeros */}} - {{- range $idx := until $max }} - {{- printf "%s-%d.%s-headless.${POD_NAMESPACE}.svc%s:5080" $zeroFullName $idx $zeroFullName $domainSuffix -}} - {{- if ne $idx (sub $max 1) -}} - {{- print "," -}} - {{- end -}} - {{ end }} -{{- end -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "dgraph.alpha.fullname" . }} - namespace: {{ include "dgraph.namespace" . }} - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "alpha" - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ template "dgraph.alpha.fullname" . }}-headless - replicas: 1 - podManagementPolicy: Parallel - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - release: {{ .Release.Name }} - component: "alpha" - template: - metadata: - name: {{ template "dgraph.alpha.fullname" . }} - annotations: - prometheus.io/path: /debug/prometheus_metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . 
}} - release: {{ .Release.Name }} - component: "alpha" - spec: - serviceAccountName: dgraph - automountServiceAccountToken: true - {{- if .Values.alpha.schedulerName }} - schedulerName: {{ .Values.alpha.schedulerName }} - {{- end }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - alpha - topologyKey: "kubernetes.io/hostname" - containers: - - name: {{ template "dgraph.alpha.fullname" . }} - image: {{ template "dgraph.image" . }} - ports: - - containerPort: 7080 - name: grpc-alpha-int - - containerPort: 8080 - name: http-alpha - - containerPort: 9080 - name: grpc-alpha - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{/* NOTE: awk '{gsub(/\.$/,"") needed to trim */}} - command: - - bash - - "-c" - ## NOTE: awk gsub is needed to trim trailing period otherwise it causes - ## crash for Kubernetes without the domain name - {{- /* TODO: Remove awk-gsub once dgraph-io/dgraph#6837 is merged and back-ported. */}} - - | - set -ex - dgraph alpha --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):7080 --zero {{ template "multi_zeros" . 
}} - resources: -{{ toYaml .Values.alpha.resources | indent 10 }} - livenessProbe: - httpGet: - port: 8080 - path: /health?live=1 - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - httpGet: - port: 8080 - path: /probe/graphql - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - - name: datadir - mountPath: /dgraph - terminationGracePeriodSeconds: 600 - volumes: - - name: datadir - persistentVolumeClaim: - claimName: datadir - volumeClaimTemplates: - - metadata: - name: datadir - annotations: - volume.alpha.kubernetes.io/storage-class: anything - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.alpha.diskSize }} +{{- /* Generate comma-separated list of Zeros */}} +{{- define "multi_zeros" -}} + {{- $zeroFullName := include "dgraph.zero.fullname" . -}} + {{- $max := 1 -}} + {{- $safeVersion := include "dgraph.version" . -}} + {{- /* Reset $max to 1 if multiple zeros not supported by dgraph version */}} + {{- if semverCompare "< 1.2.3 || 20.03.0" $safeVersion -}} + {{- $max = 1 -}} + {{- end -}} + + {{- $domainSuffix := ".cluster.local" -}} + + {{- /* Create comma-separated list of zeros */}} + {{- range $idx := until $max }} + {{- printf "%s-%d.%s-headless.${POD_NAMESPACE}.svc%s:5080" $zeroFullName $idx $zeroFullName $domainSuffix -}} + {{- if ne $idx (sub $max 1) -}} + {{- print "," -}} + {{- end -}} + {{ end }} +{{- end -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "dgraph.alpha.fullname" . }} + namespace: {{ include "dgraph.namespace" . }} + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "alpha" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + serviceName: {{ template "dgraph.alpha.fullname" . 
}}-headless + replicas: 1 + podManagementPolicy: Parallel + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + release: {{ .Release.Name }} + component: "alpha" + template: + metadata: + name: {{ template "dgraph.alpha.fullname" . }} + annotations: + prometheus.io/path: /debug/prometheus_metrics + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + release: {{ .Release.Name }} + component: "alpha" + spec: + serviceAccountName: dgraph + automountServiceAccountToken: true + {{- if .Values.alpha.schedulerName }} + schedulerName: {{ .Values.alpha.schedulerName }} + {{- end }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: component + operator: In + values: + - alpha + topologyKey: "kubernetes.io/hostname" + containers: + - name: {{ template "dgraph.alpha.fullname" . }} + image: {{ template "dgraph.image" . }} + ports: + - containerPort: 7080 + name: grpc-alpha-int + - containerPort: 8080 + name: http-alpha + - containerPort: 9080 + name: grpc-alpha + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{/* NOTE: awk '{gsub(/\.$/,"") needed to trim */}} + command: + - bash + - "-c" + ## NOTE: awk gsub is needed to trim trailing period otherwise it causes + ## crash for Kubernetes without the domain name + {{- /* TODO: Remove awk-gsub once dgraph-io/dgraph#6837 is merged and back-ported. */}} + - | + set -ex + dgraph alpha --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):7080 --zero {{ template "multi_zeros" . 
}} + resources: +{{ toYaml .Values.alpha.resources | indent 10 }} + livenessProbe: + httpGet: + port: 8080 + path: /health?live=1 + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + httpGet: + port: 8080 + path: /probe/graphql + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: datadir + mountPath: /dgraph + terminationGracePeriodSeconds: 600 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir + volumeClaimTemplates: + - metadata: + name: datadir + annotations: + volume.alpha.kubernetes.io/storage-class: anything + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.alpha.diskSize }} storageClassName: "" \ No newline at end of file diff --git a/charts/dgraph/templates/alpha/svc-headless.yaml b/charts/dgraph/templates/alpha/svc-headless.yaml index c582bfe2..e9f59670 100644 --- a/charts/dgraph/templates/alpha/svc-headless.yaml +++ b/charts/dgraph/templates/alpha/svc-headless.yaml 
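Review bot: The pod spec sets `automountServiceAccountToken: true` next to a hard-coded `serviceAccountName: dgraph`, yet nothing in the visible container command (`dgraph alpha --my=… --zero …`) talks to the Kubernetes API, so every Alpha pod carries an API credential it does not appear to need. Unless something outside this template relies on the token, `automountServiceAccountToken: false` narrows what a compromised Alpha container can reach, and `serviceAccountName: {{ include "dgraph.serviceAccountName" . }}` would keep the name tied to the helper in `_helpers.tpl`. The container also has no `securityContext`, and the README's `alpha.tls.enabled` and `alpha.acl.enabled` values are not referenced anywhere in this template, so setting them presumably has no effect on the rendered StatefulSet.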
@@ -1,24 +1,24 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "dgraph.alpha.fullname" . }}-headless - namespace: {{ include "dgraph.namespace" . }} - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "alpha" - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: grpc-alpha-int - port: 7080 - targetPort: 7080 - selector: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "alpha" - release: {{ .Release.Name }} - publishNotReadyAddresses: true +apiVersion: v1 +kind: Service +metadata: + name: {{ template "dgraph.alpha.fullname" . }}-headless + namespace: {{ include "dgraph.namespace" . }} + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "alpha" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: grpc-alpha-int + port: 7080 + targetPort: 7080 + selector: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "alpha" + release: {{ .Release.Name }} + publishNotReadyAddresses: true diff --git a/charts/dgraph/templates/alpha/svc.yaml b/charts/dgraph/templates/alpha/svc.yaml index ea7dd339..cea966be 100644 --- a/charts/dgraph/templates/alpha/svc.yaml +++ b/charts/dgraph/templates/alpha/svc.yaml 
@@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "dgraph.alpha.fullname" . }} - namespace: {{ include "dgraph.namespace" . }} - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "alpha" - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - monitor: "alpha-dgraph-io" -spec: - type: ClusterIP - ports: - - port: 8080 - targetPort: 8080 - name: http-alpha - - port: 9080 - name: grpc-alpha - selector: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "alpha" - release: {{ .Release.Name }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "dgraph.alpha.fullname" . }} + namespace: {{ include "dgraph.namespace" . }} + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "alpha" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + monitor: "alpha-dgraph-io" +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: 8080 + name: http-alpha + - port: 9080 + name: grpc-alpha + selector: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "alpha" + release: {{ .Release.Name }} diff --git a/charts/dgraph/templates/config-map.yaml b/charts/dgraph/templates/config-map.yaml index 4b44e035..6bb43a1b 100644 --- a/charts/dgraph/templates/config-map.yaml +++ b/charts/dgraph/templates/config-map.yaml 
@@ -1,11 +1,11 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ .Release.Name }}-dgraph-configmap" - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/component: master -data: - DGRAPH_HOST: {{ .Release.Name}}-dgraph-alpha - DGRAPH_RPC_PORT: "9080" +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Release.Name }}-dgraph-configmap" + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: master +data: + DGRAPH_HOST: {{ .Release.Name}}-dgraph-alpha + DGRAPH_RPC_PORT: "9080" DGRAPH_HTTP_PORT: "8080" \ No newline at end of file diff --git a/charts/dgraph/templates/serviceaccount.yaml b/charts/dgraph/templates/serviceaccount.yaml index 1c5ad07b..36863ac6 100644 --- a/charts/dgraph/templates/serviceaccount.yaml +++ b/charts/dgraph/templates/serviceaccount.yaml @@ -1,12 +1,12 @@ -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: {{ template "dgraph.serviceAccountName" . }} - namespace: {{ include "dgraph.namespace" . }} - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "alpha" - release: {{ .Release.Name }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: {{ template "dgraph.serviceAccountName" . }} + namespace: {{ include "dgraph.namespace" . }} + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "alpha" + release: {{ .Release.Name }} heritage: {{ .Release.Service }} \ No newline at end of file diff --git a/charts/dgraph/templates/zero/statefulset.yaml b/charts/dgraph/templates/zero/statefulset.yaml index 7e67d744..f5194512 100644 --- a/charts/dgraph/templates/zero/statefulset.yaml +++ b/charts/dgraph/templates/zero/statefulset.yaml 
@@ -1,137 +1,137 @@ -{{- /* Generate domain name for first zero in cluster */}} -{{- define "peer_zero" -}} - {{- $zeroFullName := include "dgraph.zero.fullname" . -}} - - {{- $domainSuffix := ".cluster.local" -}} - - {{- printf "%s-%d.%s-headless.${POD_NAMESPACE}.svc%s:5080" $zeroFullName 0 $zeroFullName $domainSuffix -}} -{{- end -}} -{{- /* Superflag (v21.03.0) support and legacy flags */}} -{{- define "raft_index_flag" -}} - {{- $safeVersion := include "dgraph.version" . -}} - {{- if semverCompare ">= 21.03.0" $safeVersion -}} - {{- printf "--raft idx=" -}} - {{- else -}} - {{- printf "--idx " -}} - {{- end -}} -{{- end -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "dgraph.zero.fullname" . }}" - namespace: {{ include "dgraph.namespace" . }} - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "zero" - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ template "dgraph.zero.fullname" . }}-headless - replicas: 1 - podManagementPolicy: "Parallel" - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - release: {{ .Release.Name }} - component: "zero" - template: - metadata: - name: {{ template "dgraph.zero.fullname" . }} - annotations: - prometheus.io/path: /debug/prometheus_metrics - prometheus.io/port: "6080" - prometheus.io/scrape: "true" - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . 
}} - release: {{ .Release.Name }} - component: "zero" - spec: - serviceAccountName: dgraph - automountServiceAccountToken: true - {{- if .Values.zero.schedulerName }} - schedulerName: {{ .Values.zero.schedulerName }} - {{- end }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - zero - topologyKey: "kubernetes.io/hostname" - containers: - - name: {{ template "dgraph.zero.fullname" . }} - image: {{ template "dgraph.image" . }} - ports: - - containerPort: 5080 - name: grpc-zero - - containerPort: 6080 - name: http-zero - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - command: - - bash - - "-c" - - | - set -ex - [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - idx=$(($ordinal + 1)) - if [[ $ordinal -eq 0 ]]; then - exec dgraph zero --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):5080 {{ template "raft_index_flag" . }}$idx --replicas 5 - else - exec dgraph zero --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):5080 --peer {{ template "peer_zero" . }} {{ template "raft_index_flag" . 
}}$idx --replicas 5 - fi - resources: -{{ toYaml .Values.zero.resources | indent 10 }} - livenessProbe: - httpGet: - port: 6080 - path: /health - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - httpGet: - port: 6080 - path: /state - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - - name: datadir - mountPath: /dgraph - terminationGracePeriodSeconds: 60 - volumes: - - name: datadir - persistentVolumeClaim: - claimName: datadir - volumeClaimTemplates: - - metadata: - name: datadir - annotations: - volume.alpha.kubernetes.io/storage-class: anything - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.zero.diskSize }} - storageClassName: "" +{{- /* Generate domain name for first zero in cluster */}} +{{- define "peer_zero" -}} + {{- $zeroFullName := include "dgraph.zero.fullname" . -}} + + {{- $domainSuffix := ".cluster.local" -}} + + {{- printf "%s-%d.%s-headless.${POD_NAMESPACE}.svc%s:5080" $zeroFullName 0 $zeroFullName $domainSuffix -}} +{{- end -}} +{{- /* Superflag (v21.03.0) support and legacy flags */}} +{{- define "raft_index_flag" -}} + {{- $safeVersion := include "dgraph.version" . -}} + {{- if semverCompare ">= 21.03.0" $safeVersion -}} + {{- printf "--raft idx=" -}} + {{- else -}} + {{- printf "--idx " -}} + {{- end -}} +{{- end -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "dgraph.zero.fullname" . }}" + namespace: {{ include "dgraph.namespace" . }} + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "zero" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + serviceName: {{ template "dgraph.zero.fullname" . }}-headless + replicas: 1 + podManagementPolicy: "Parallel" + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "dgraph.name" . 
}} + chart: {{ template "dgraph.chart" . }} + release: {{ .Release.Name }} + component: "zero" + template: + metadata: + name: {{ template "dgraph.zero.fullname" . }} + annotations: + prometheus.io/path: /debug/prometheus_metrics + prometheus.io/port: "6080" + prometheus.io/scrape: "true" + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + release: {{ .Release.Name }} + component: "zero" + spec: + serviceAccountName: dgraph + automountServiceAccountToken: true + {{- if .Values.zero.schedulerName }} + schedulerName: {{ .Values.zero.schedulerName }} + {{- end }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: component + operator: In + values: + - zero + topologyKey: "kubernetes.io/hostname" + containers: + - name: {{ template "dgraph.zero.fullname" . }} + image: {{ template "dgraph.image" . }} + ports: + - containerPort: 5080 + name: grpc-zero + - containerPort: 6080 + name: http-zero + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + command: + - bash + - "-c" + - | + set -ex + [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 + ordinal=${BASH_REMATCH[1]} + idx=$(($ordinal + 1)) + if [[ $ordinal -eq 0 ]]; then + exec dgraph zero --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):5080 {{ template "raft_index_flag" . }}$idx --replicas 5 + else + exec dgraph zero --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):5080 --peer {{ template "peer_zero" . }} {{ template "raft_index_flag" . 
}}$idx --replicas 5 + fi + resources: +{{ toYaml .Values.zero.resources | indent 10 }} + livenessProbe: + httpGet: + port: 6080 + path: /health + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + httpGet: + port: 6080 + path: /state + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: datadir + mountPath: /dgraph + terminationGracePeriodSeconds: 60 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir + volumeClaimTemplates: + - metadata: + name: datadir + annotations: + volume.alpha.kubernetes.io/storage-class: anything + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.zero.diskSize }} + storageClassName: "" diff --git a/charts/dgraph/templates/zero/svc-headless.yaml b/charts/dgraph/templates/zero/svc-headless.yaml index 34e61827..49fca2db 100644 --- a/charts/dgraph/templates/zero/svc-headless.yaml +++ b/charts/dgraph/templates/zero/svc-headless.yaml 
@@ -1,24 +1,24 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "dgraph.zero.fullname" . }}-headless - namespace: {{ include "dgraph.namespace" . }} - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "zero" - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: grpc-zero - port: 5080 - targetPort: 5080 - selector: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - release: {{ .Release.Name }} - component: "zero" - publishNotReadyAddresses: true +apiVersion: v1 +kind: Service +metadata: + name: {{ template "dgraph.zero.fullname" . }}-headless + namespace: {{ include "dgraph.namespace" . }} + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "zero" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: grpc-zero + port: 5080 + targetPort: 5080 + selector: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + release: {{ .Release.Name }} + component: "zero" + publishNotReadyAddresses: true diff --git a/charts/dgraph/templates/zero/svc.yaml b/charts/dgraph/templates/zero/svc.yaml index cc32b2bb..8ae02992 100644 --- a/charts/dgraph/templates/zero/svc.yaml +++ b/charts/dgraph/templates/zero/svc.yaml 
@@ -1,29 +1,29 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "dgraph.zero.fullname" . }} - namespace: {{ include "dgraph.namespace" . }} - labels: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - component: "zero" - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - monitor: "zero-dgraph-io" -spec: - type: ClusterIP - {{- if .Values.zero.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.zero.externalTrafficPolicy }} - {{- end }} - ports: - - port: 5080 - targetPort: 5080 - name: grpc-zero - - port: 6080 - targetPort: 6080 - name: http-zero - selector: - app: {{ template "dgraph.name" . }} - chart: {{ template "dgraph.chart" . }} - release: {{ .Release.Name }} - component: "zero" +apiVersion: v1 +kind: Service +metadata: + name: {{ template "dgraph.zero.fullname" . }} + namespace: {{ include "dgraph.namespace" . }} + labels: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + component: "zero" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + monitor: "zero-dgraph-io" +spec: + type: ClusterIP + {{- if .Values.zero.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.zero.externalTrafficPolicy }} + {{- end }} + ports: + - port: 5080 + targetPort: 5080 + name: grpc-zero + - port: 6080 + targetPort: 6080 + name: http-zero + selector: + app: {{ template "dgraph.name" . }} + chart: {{ template "dgraph.chart" . }} + release: {{ .Release.Name }} + component: "zero" diff --git a/charts/dgraph/values.schema.json b/charts/dgraph/values.schema.json index 1561b184..ba34f293 100644 --- a/charts/dgraph/values.schema.json +++ b/charts/dgraph/values.schema.json 
@@ -1,86 +1,86 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": ["name"] - } - }, - "zero": { - "type": "object", - "properties": { - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { "type": "string" ,"default" : "100m","mutable": true}, - "memory": { "type": "string" ,"default" : "100M","mutable": true} - }, - "required": ["cpu", "memory"] - }, - "limits": { - "type": "object", - "properties": { - "cpu": { "type": "string" ,"default" : "1000m","mutable": true}, - "memory": { "type": "string" ,"default" : "1Gi","mutable": true} - }, - "required": ["cpu", "memory"] - } - }, - "required": ["requests", "limits"] - }, - "diskSize": { - "type": "string", - "default": "10Gi", "mutable": true, - "editDisabled": true - } - }, - "required": ["resources", "diskSize"] - }, - "alpha": { - "type": "object", - "properties": { - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { "type": "string" ,"default" : "100m","mutable": true}, - "memory": { "type": "string" ,"default" : "100M","mutable": true} - }, - "required": ["cpu", "memory"] - }, - "limits": { - "type": "object", - "properties": { - "cpu": { "type": "string" ,"default" : "1000m","mutable": true}, - "memory": { "type": "string" ,"default" : "1Gi","mutable": true} - }, - "required": ["cpu", "memory"] - } - }, - "required": ["requests", "limits"] - }, - "diskSize": { - "type": "string", - "default": "10Gi", "mutable": true, - "editDisabled": true - } - }, - "required": ["resources", "diskSize"] - } - }, - - "required": ["zero", "alpha"] -} +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "services": { + "type": "array", + "items": { + "type": "object", 
+ "properties": { + "name": { + "type": "string" + } + }, + "required": ["name"] + } + }, + "zero": { + "type": "object", + "properties": { + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { "type": "string" ,"default" : "100m","mutable": true}, + "memory": { "type": "string" ,"default" : "100M","mutable": true} + }, + "required": ["cpu", "memory"] + }, + "limits": { + "type": "object", + "properties": { + "cpu": { "type": "string" ,"default" : "1000m","mutable": true}, + "memory": { "type": "string" ,"default" : "1Gi","mutable": true} + }, + "required": ["cpu", "memory"] + } + }, + "required": ["requests", "limits"] + }, + "diskSize": { + "type": "string", + "default": "10Gi", "mutable": true, + "editDisabled": true + } + }, + "required": ["resources", "diskSize"] + }, + "alpha": { + "type": "object", + "properties": { + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { "type": "string" ,"default" : "100m","mutable": true}, + "memory": { "type": "string" ,"default" : "100M","mutable": true} + }, + "required": ["cpu", "memory"] + }, + "limits": { + "type": "object", + "properties": { + "cpu": { "type": "string" ,"default" : "1000m","mutable": true}, + "memory": { "type": "string" ,"default" : "1Gi","mutable": true} + }, + "required": ["cpu", "memory"] + } + }, + "required": ["requests", "limits"] + }, + "diskSize": { + "type": "string", + "default": "10Gi", "mutable": true, + "editDisabled": true + } + }, + "required": ["resources", "diskSize"] + } + }, + + "required": ["zero", "alpha"] +} diff --git a/charts/dgraph/values.yaml b/charts/dgraph/values.yaml index 401a6234..17f4b0c7 100644 --- a/charts/dgraph/values.yaml +++ b/charts/dgraph/values.yaml 
@@ -1,21 +1,21 @@ -zero: - resources: - requests: - cpu: "100m" - memory: "100M" - limits: - cpu: "1000m" - memory: "1Gi" - - diskSize: "10Gi" - -alpha: - resources: - requests: - cpu: "100m" - memory: "100M" - limits: - cpu: "1000m" - memory: "1Gi" - - diskSize: "10Gi" +zero: + resources: + requests: + cpu: "100m" + memory: "100M" + limits: + cpu: "1000m" + memory: "1Gi" + + diskSize: "10Gi" + +alpha: + resources: + requests: + cpu: "100m" + memory: "100M" + limits: + cpu: "1000m" + memory: "1Gi" + + diskSize: "10Gi" diff --git a/charts/huggingface/Chart.yaml b/charts/huggingface/Chart.yaml new file mode 100644 index 00000000..79841f43 --- /dev/null +++ b/charts/huggingface/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +name: huggingface +description: A Helm chart for deploying Hugging Face Text Generation Inference (TGI) +type: application +version: 0.1.0 +appVersion: "1.0" +annotations: + type: application diff --git a/charts/huggingface/README.md b/charts/huggingface/README.md new file mode 100644 index 00000000..3ca7a1d0 --- /dev/null +++ b/charts/huggingface/README.md 
@@ -0,0 +1,159 @@ +# HuggingFace TGI Helm Chart + +This Helm chart deploys [Hugging Face Text Generation Inference (TGI)](https://github.com/huggingface/text-generation-inference) on Kubernetes. It is designed for running large language models (LLMs) with optimized serving and autoscaling. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- NVIDIA GPU support (for GPU-based deployments) +- `nvidia-device-plugin` installed (for GPU scheduling) + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +--- + +## Install Helm Chart + +To install the chart with default values: + +```bash +helm install huggingface zopdev/huggingface +``` + +To install with custom values: + +```bash +helm install huggingface zopdev/huggingface -f values.yaml +``` + +--- + +## Uninstall Helm Chart + +```bash +helm uninstall huggingface +``` + +--- + +## Configuration + +The following table lists the configurable parameters of the HuggingFace chart: + +| **Parameter** | **Type** | **Description** | **Default** | +|----------------------------|-----------|-----------------------------------------------------------------------------|------------------------------------------| +| `image.repository` | string | Docker image repository | `ghcr.io/huggingface/text-generation-inference` | +| `image.tag` | string | Image tag | `latest` | +| `replicaCount` | int | Number of replicas | `1` | +| `service.port` | int | Service port | `80` | +| `model.id` | string | Model ID to serve | `gpt2` | +| `resources.limits.gpu` | string | GPU limits (e.g., `1` for 1 GPU) | `1` | +| `autoscaling.enabled` | bool | Enable Horizontal Pod Autoscaler | `false` | +| `ingress.enabled` | bool | Enable ingress | `false` | +| `ingress.hosts` | list | List of ingress hosts | `[]` | + +--- + +## Example `values.yaml` + +```yaml +image: + repository: ghcr.io/huggingface/text-generation-inference + tag: latest + 
+replicaCount: 1 + +model: + id: gpt2 + +resources: + limits: + nvidia.com/gpu: 1 + requests: + cpu: "500m" + memory: "2Gi" + +autoscaling: + enabled: false + +ingress: + enabled: false + +service: + type: ClusterIP + port: 80 +``` + +--- + +## Alerts + +Prometheus-compatible alert included: + +- **HuggingFaceDown**: Triggers when no instances are available for 1 minute. + +--- + +## Features + +- Deploy Hugging Face TGI inference server +- GPU support via NVIDIA plugin +- Configurable model loading +- Autoscaling via HPA +- Prometheus alerts and ServiceMonitor +- Ingress support +- Secure credential templating + +--- + +## Architecture + +This chart deploys the following components: + +- TGI Deployment +- Kubernetes Service +- Optional Ingress resource +- HPA (if enabled) +- Prometheus ServiceMonitor +- Optional alert rules (e.g., HuggingFaceDown) +- Credential file templating via `huggingface-login.yaml` + +--- + +## Security Features + +- Container resource limits +- Pod security context +- Optional ingress security +- Credential secrets managed securely +- Cloud metadata blocking recommended + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. diff --git a/charts/huggingface/templates/_helpers.tpl b/charts/huggingface/templates/_helpers.tpl new file mode 100644 index 00000000..2044632c --- /dev/null +++ b/charts/huggingface/templates/_helpers.tpl 
@@ -0,0 +1,12 @@ +{{- define "huggingface.name" -}} +huggingface +{{- end }} + +{{- define "huggingface.fullname" -}} +{{ .Release.Name }}-huggingface +{{- end }} + +{{- define "huggingface.labels" -}} +app.kubernetes.io/name: huggingface +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/huggingface/templates/alerts.yaml b/charts/huggingface/templates/alerts.yaml new file mode 100644 index 00000000..51d2b672 --- /dev/null +++ b/charts/huggingface/templates/alerts.yaml @@ -0,0 +1,19 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }}-alerts + labels: + release: {{ .Release.Name }} + app: huggingface +spec: + groups: + - name: huggingface-alerts + rules: + - alert: HuggingFaceDown + expr: absent(up{job="huggingface"} == 1) + for: 1m + labels: + severity: critical + annotations: + summary: "HuggingFace deployment down" + description: "No HuggingFace instance is running for more than 1 minute." diff --git a/charts/huggingface/templates/deployment.yaml b/charts/huggingface/templates/deployment.yaml new file mode 100644 index 00000000..ae9e95ba --- /dev/null +++ b/charts/huggingface/templates/deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "huggingface.fullname" . }} + labels: + {{- include "huggingface.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "huggingface.name" . }} + template: + metadata: + labels: + app: {{ include "huggingface.name" . }} + spec: + containers: + - name: huggingface + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 80 + resources: + {{- toYaml .Values.resources | nindent 12 }} diff --git a/charts/huggingface/templates/hpa.yaml b/charts/huggingface/templates/hpa.yaml new file mode 100644 index 00000000..fec027a6 --- /dev/null 
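Review bot: `huggingface.fullname` is emitted without a length cap, and `huggingface.name` is the constant `huggingface`, so names and selectors built from these helpers are neither bounded nor release-scoped. Helm accepts release names of up to 53 characters, so `{{ .Release.Name }}-huggingface` can exceed the 63-character limit Kubernetes applies to Service names; `{{- printf "%s-huggingface" .Release.Name | trunc 63 | trimSuffix "-" -}}` keeps it valid. The `app` selector in deployment.yaml, service.yaml and service-monitor.yaml is built from `huggingface.name` alone, so two releases in one namespace would select each other's pods. Adding `app.kubernetes.io/instance: {{ .Release.Name }}` (already present in `huggingface.labels`) to the pod labels and those selectors avoids that.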
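Review bot: The `HuggingFaceDown` expression in alerts.yaml matches on `job="huggingface"`, but nothing in this chart produces a scrape target with that job name. If the ServiceMonitor added in this commit is what scrapes the pods, Prometheus Operator by default sets `job` to the Service name, which service.yaml renders as `<release>-huggingface`; `absent(...)` would then be permanently true and the critical alert would never clear. Deriving the label from the helper, `expr: absent(up{job="{{ include "huggingface.fullname" . }}"} == 1)`, keeps rule and target in step. The rule is also rendered unconditionally; wrapping the file in `{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" }}` stops installs failing on clusters without the Prometheus Operator CRDs.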
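Review bot: The pod spec in deployment.yaml sets no `securityContext` and leaves the service-account token mounted, although the README added in this commit lists "Pod security context" among its security features. A server that loads third-party model files is a reasonable place for the baseline below: no API token in the pod unless something needs it, no privilege escalation, and the runtime's default seccomp profile. `runAsNonRoot` and dropping capabilities are deliberately left out because the container listens on port 80 and the image's user is not visible here; both should be confirmed against the image before being added. The template also never reads `model.id`, which the README documents, nor the `<release>-login` Secret created elsewhere in this commit.

```yaml
    spec:
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: huggingface
          # … unchanged: image, imagePullPolicy, ports, resources …
          securityContext:
            allowPrivilegeEscalation: false
```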
+++ b/charts/huggingface/templates/hpa.yaml @@ -0,0 +1,20 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "huggingface.fullname" . }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "huggingface.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} +{{- end }} diff --git a/charts/huggingface/templates/huggingface-login.yaml b/charts/huggingface/templates/huggingface-login.yaml new file mode 100644 index 00000000..2abe64c7 --- /dev/null +++ b/charts/huggingface/templates/huggingface-login.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-login +type: Opaque +data: + username: {{ "admin" | b64enc }} + password: {{ randAlphaNum 16 | b64enc }} diff --git a/charts/huggingface/templates/ingress.yaml b/charts/huggingface/templates/ingress.yaml new file mode 100644 index 00000000..f06e9d09 --- /dev/null +++ b/charts/huggingface/templates/ingress.yaml @@ -0,0 +1,24 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "huggingface.fullname" . }} + annotations: + {{- toYaml .Values.ingress.annotations | nindent 4 }} +spec: + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ include "huggingface.fullname" $ }} + port: + number: {{ $.Values.service.port }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/huggingface/templates/service-monitor.yaml b/charts/huggingface/templates/service-monitor.yaml new file mode 100644 index 00000000..f855ed9d --- /dev/null 
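Review bot: With `autoscaling.enabled` defaulting to `true` in values.yaml, this HPA and the Deployment's `replicas: {{ .Values.replicaCount }}` both own the replica count, so each `helm upgrade` resets whatever the autoscaler had scaled to. Rendering the Deployment field only when autoscaling is off, with `{{- if not .Values.autoscaling.enabled }}` around `replicas:`, is the usual fix. The CPU target is only meaningful because values.yaml sets `resources.requests.cpu`; a comment above `metrics:` such as `# Utilization is relative to resources.requests.cpu; the HPA is inert without it` would record that dependency.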
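Review bot: `randAlphaNum 16` in huggingface-login.yaml is evaluated on every render, so the `password` in this Secret is replaced on each `helm upgrade` and anything holding the previous value silently stops matching. Reusing the stored value through `lookup` when the Secret already exists keeps it stable; `lookup` returns nothing under `helm template` and client-side dry runs, so those still print a fresh value. The username is a fixed `admin`, and no template in this commit mounts or references the Secret, so it is worth confirming what is meant to consume it before shipping a credential that protects nothing.

```yaml
{{- $name := printf "%s-login" .Release.Name }}
{{- $prev := lookup "v1" "Secret" .Release.Namespace $name }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  username: {{ "admin" | b64enc }}
  {{- if $prev }}
  password: {{ index $prev.data "password" }}
  {{- else }}
  password: {{ randAlphaNum 16 | b64enc }}
  {{- end }}
```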
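Review bot: The Ingress template never reads `ingress.className` or `ingress.tls`, both of which values.yaml defines, so the rendered object has no `ingressClassName` and no `tls` section. The endpoint is then served over plain HTTP by whichever controller claims class-less Ingresses, and a user who fills in `tls:` gets no effect and no error. `host: {{ .host }}` and `path: {{ .path }}` are also unquoted; `{{ .host | quote }}` protects against YAML retyping of unusual values.

```yaml
spec:
  {{- with .Values.ingress.className }}
  ingressClassName: {{ . }}
  {{- end }}
  {{- with .Values.ingress.tls }}
  tls:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    # … unchanged: hosts and paths loop …
```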
+++ b/charts/huggingface/templates/service-monitor.yaml @@ -0,0 +1,13 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "huggingface.fullname" . }} + labels: + release: prometheus +spec: + selector: + matchLabels: + app: {{ include "huggingface.name" . }} + endpoints: + - port: http + interval: 30s diff --git a/charts/huggingface/templates/service.yaml b/charts/huggingface/templates/service.yaml new file mode 100644 index 00000000..e5615efa --- /dev/null +++ b/charts/huggingface/templates/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "huggingface.fullname" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: 80 + selector: + app: {{ include "huggingface.name" . }} diff --git a/charts/huggingface/values.schema.json b/charts/huggingface/values.schema.json new file mode 100644 index 00000000..d1485ca4 --- /dev/null +++ b/charts/huggingface/values.schema.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "replicaCount": { + "type": "integer", + "default": 1, + "mutable": true + }, + "image": { + "type": "object", + "properties": { + "repository": { "type": "string", "editDisabled": true }, + "tag": { "type": "string", "mutable": true }, + "pullPolicy": { "type": "string", "mutable": true } + } + }, + "service": { + "type": "object", + "properties": { + "type": { "type": "string", "mutable": true }, + "port": { "type": "integer", "mutable": true } + } + } + } +} diff --git a/charts/huggingface/values.yaml b/charts/huggingface/values.yaml new file mode 100644 index 00000000..99727e24 --- /dev/null +++ b/charts/huggingface/values.yaml 
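Review bot: This ServiceMonitor cannot select anything as written. `selector.matchLabels` matches labels on the Service object, but the Service in service.yaml has no `labels` at all; and `endpoints[].port: http` refers to a named Service port, while the port there is unnamed. Adding `labels:` with `app: {{ include "huggingface.name" . }}` under the Service's `metadata` and `name: http` on its port entry makes the two line up. The `release: prometheus` label is hard-coded and only works when the Prometheus instance selects on exactly that value; a new chart value (for example `serviceMonitor.labels`) would make it configurable.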
@@ -0,0 +1,39 @@ +replicaCount: 1 + +image: + repository: ghcr.io/huggingface/tgi + tag: latest + pullPolicy: IfNotPresent + +service: + type: ClusterIP + port: 80 + +resources: + limits: + cpu: 1000m + memory: 2Gi + requests: + cpu: 500m + memory: 1Gi + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + +ingress: + enabled: true + className: "nginx" + annotations: {} + hosts: + - host: huggingface.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/charts/jupyterhub/Chart.yaml b/charts/jupyterhub/Chart.yaml index 146663cd..b161d095 100644 --- a/charts/jupyterhub/Chart.yaml +++ b/charts/jupyterhub/Chart.yaml @@ -1,12 +1,12 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for Deploying JupyterHub -name: jupyterhub -version: 0.0.3 -type: application -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for Deploying JupyterHub +name: jupyterhub +version: 0.0.3 +type: application +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: application \ No newline at end of file diff --git a/charts/jupyterhub/README.md b/charts/jupyterhub/README.md index 775ad0a1..70aa3c6b 100644 --- a/charts/jupyterhub/README.md +++ b/charts/jupyterhub/README.md 
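Review bot: The defaults in charts/huggingface/values.yaml ship a mutable image tag and an enabled Ingress. `tag: latest` with `pullPolicy: IfNotPresent` means each node keeps whatever build it first pulled, and `ingress.enabled: true` publishes the inference endpoint on install with `tls: []` and no authentication configured anywhere in the chart. The README in this commit documents `ingress.enabled` and `autoscaling.enabled` as `false` and the repository as `ghcr.io/huggingface/text-generation-inference`, so the file and its documentation disagree on all three. Suggested defaults are `tag: "<pinned-release-tag>"` (placeholder; a digest is stronger) and `enabled: false` under `ingress:`.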
@@ -1,212 +1,212 @@ -# JupyterHub Helm Chart - -This Helm chart deploys JupyterHub on Kubernetes, providing a multi-user server for Jupyter notebooks. JupyterHub allows multiple users to access their own Jupyter notebook servers in a shared environment, making it ideal for educational institutions, research labs, and data science teams. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ -- kubectl configured to communicate with your cluster -- Storage class for persistent volumes (if using dynamic storage) - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the JupyterHub Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/jupyterhub -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-jupyterhub zopdev/jupyterhub -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the JupyterHub Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-jupyterhub -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The JupyterHub Helm chart includes several configuration options to tailor the deployment to your needs. 
Below is a summary of the key configurations: - -### Hub Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `hub.config.JupyterHub.admin_access` | `boolean` | Whether to allow admin access. | `true` | -| `hub.config.JupyterHub.authenticator_class` | `string` | Authentication class to use. | `"dummy"` | -| `hub.baseUrl` | `string` | Base URL for the JupyterHub instance. | `"/"` | - -### Proxy Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `proxy.https.enabled` | `boolean` | Whether to enable HTTPS. | `false` | -| `proxy.https.type` | `string` | Type of HTTPS configuration (letsencrypt). | `"letsencrypt"` | -| `proxy.https.letsencrypt.contactEmail` | `string` | Contact email for Let's Encrypt. | `""` | -| `proxy.https.letsencrypt.acmeServer` | `string` | ACME server URL for Let's Encrypt. | `"https://acme-v02.api.letsencrypt.org/directory"` | - -### Single User Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `singleuser.image.name` | `string` | Docker image for single-user servers. | `"quay.io/jupyterhub/k8s-singleuser-sample"` | -| `singleuser.image.tag` | `string` | Tag for the single-user server image. | `"4.1.1-0.dev.git.6957.h0e735928"` | -| `singleuser.storage.type` | `string` | Type of storage to use (dynamic/static). | `"dynamic"` | -| `singleuser.storage.capacity`| `string` | Storage capacity for user volumes. 
| `"10Gi"` | -| `singleuser.storage.homeMountPath` | `string` | Path to mount user home directory. | `"/home/jovyan"` | - -### Scheduling Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `scheduling.userScheduler.enabled` | `boolean` | Whether to enable user scheduler. | `true` | -| `scheduling.userScheduler.replicas` | `integer` | Number of scheduler replicas. | `2` | -| `scheduling.userScheduler.logLevel` | `integer` | Log level for the scheduler. | `4` | - -### Culling Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `cull.enabled` | `boolean` | Whether to enable culling of inactive servers. | `true` | -| `cull.timeout` | `integer` | Time in seconds before culling inactive servers. | `3600` | -| `cull.every` | `integer` | How often to check for culling in seconds. 
| `600` | - ---- - -## Example `values.yaml` - -```yaml -hub: - config: - JupyterHub: - admin_access: true - authenticator_class: dummy - baseUrl: / - -proxy: - https: - enabled: false - type: letsencrypt - letsencrypt: - contactEmail: admin@example.com - acmeServer: https://acme-v02.api.letsencrypt.org/directory - -singleuser: - image: - name: quay.io/jupyterhub/k8s-singleuser-sample - tag: "4.1.1-0.dev.git.6957.h0e735928" - storage: - type: dynamic - capacity: 10Gi - homeMountPath: /home/jovyan - -scheduling: - userScheduler: - enabled: true - replicas: 2 - logLevel: 4 - -cull: - enabled: true - timeout: 3600 - every: 600 -``` - ---- - -## Features - -- Multi-user Jupyter notebook server deployment -- Configurable authentication system -- HTTPS support with Let's Encrypt integration -- Persistent storage for user data -- Automatic culling of inactive servers -- Network policies for security -- Customizable resource limits -- User scheduling capabilities -- Pre-pulling of container images -- Cloud metadata blocking for security - ---- - -## Architecture - -The JupyterHub deployment includes: -- Hub pod for user authentication and management -- Proxy pod for routing requests -- Single-user server pods for each user -- Persistent volume claims for user data -- Network policies for security -- User scheduler for pod placement -- Image pre-puller for faster startup -- Culling service for resource management - ---- - -## Security Features - -- Network policies to control pod communication -- Cloud metadata blocking -- Configurable authentication system -- HTTPS support -- Privilege escalation prevention -- User isolation through separate pods -- Configurable security contexts - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. 
- ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# JupyterHub Helm Chart + +This Helm chart deploys JupyterHub on Kubernetes, providing a multi-user server for Jupyter notebooks. JupyterHub allows multiple users to access their own Jupyter notebook servers in a shared environment, making it ideal for educational institutions, research labs, and data science teams. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- kubectl configured to communicate with your cluster +- Storage class for persistent volumes (if using dynamic storage) + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the JupyterHub Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/jupyterhub +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-jupyterhub zopdev/jupyterhub +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the JupyterHub Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-jupyterhub +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The JupyterHub Helm chart includes several configuration options to tailor the deployment to your needs. 
Below is a summary of the key configurations: + +### Hub Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `hub.config.JupyterHub.admin_access` | `boolean` | Whether to allow admin access. | `true` | +| `hub.config.JupyterHub.authenticator_class` | `string` | Authentication class to use. | `"dummy"` | +| `hub.baseUrl` | `string` | Base URL for the JupyterHub instance. | `"/"` | + +### Proxy Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `proxy.https.enabled` | `boolean` | Whether to enable HTTPS. | `false` | +| `proxy.https.type` | `string` | Type of HTTPS configuration (letsencrypt). | `"letsencrypt"` | +| `proxy.https.letsencrypt.contactEmail` | `string` | Contact email for Let's Encrypt. | `""` | +| `proxy.https.letsencrypt.acmeServer` | `string` | ACME server URL for Let's Encrypt. | `"https://acme-v02.api.letsencrypt.org/directory"` | + +### Single User Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `singleuser.image.name` | `string` | Docker image for single-user servers. | `"quay.io/jupyterhub/k8s-singleuser-sample"` | +| `singleuser.image.tag` | `string` | Tag for the single-user server image. | `"4.1.1-0.dev.git.6957.h0e735928"` | +| `singleuser.storage.type` | `string` | Type of storage to use (dynamic/static). | `"dynamic"` | +| `singleuser.storage.capacity`| `string` | Storage capacity for user volumes. 
| `"10Gi"` | +| `singleuser.storage.homeMountPath` | `string` | Path to mount user home directory. | `"/home/jovyan"` | + +### Scheduling Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `scheduling.userScheduler.enabled` | `boolean` | Whether to enable user scheduler. | `true` | +| `scheduling.userScheduler.replicas` | `integer` | Number of scheduler replicas. | `2` | +| `scheduling.userScheduler.logLevel` | `integer` | Log level for the scheduler. | `4` | + +### Culling Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `cull.enabled` | `boolean` | Whether to enable culling of inactive servers. | `true` | +| `cull.timeout` | `integer` | Time in seconds before culling inactive servers. | `3600` | +| `cull.every` | `integer` | How often to check for culling in seconds. 
| `600` | + +--- + +## Example `values.yaml` + +```yaml +hub: + config: + JupyterHub: + admin_access: true + authenticator_class: dummy + baseUrl: / + +proxy: + https: + enabled: false + type: letsencrypt + letsencrypt: + contactEmail: admin@example.com + acmeServer: https://acme-v02.api.letsencrypt.org/directory + +singleuser: + image: + name: quay.io/jupyterhub/k8s-singleuser-sample + tag: "4.1.1-0.dev.git.6957.h0e735928" + storage: + type: dynamic + capacity: 10Gi + homeMountPath: /home/jovyan + +scheduling: + userScheduler: + enabled: true + replicas: 2 + logLevel: 4 + +cull: + enabled: true + timeout: 3600 + every: 600 +``` + +--- + +## Features + +- Multi-user Jupyter notebook server deployment +- Configurable authentication system +- HTTPS support with Let's Encrypt integration +- Persistent storage for user data +- Automatic culling of inactive servers +- Network policies for security +- Customizable resource limits +- User scheduling capabilities +- Pre-pulling of container images +- Cloud metadata blocking for security + +--- + +## Architecture + +The JupyterHub deployment includes: +- Hub pod for user authentication and management +- Proxy pod for routing requests +- Single-user server pods for each user +- Persistent volume claims for user data +- Network policies for security +- User scheduler for pod placement +- Image pre-puller for faster startup +- Culling service for resource management + +--- + +## Security Features + +- Network policies to control pod communication +- Cloud metadata blocking +- Configurable authentication system +- HTTPS support +- Privilege escalation prevention +- User isolation through separate pods +- Configurable security contexts + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. 
+ +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/jupyterhub/files/hub/jupyterhub_config.py b/charts/jupyterhub/files/hub/jupyterhub_config.py index 7a88eae6..c0356240 100644 --- a/charts/jupyterhub/files/hub/jupyterhub_config.py +++ b/charts/jupyterhub/files/hub/jupyterhub_config.py 
@@ -1,519 +1,519 @@ -# load the config object (satisfies linters) -c = get_config() # noqa - -import glob -import os -import re -import sys - -from jupyterhub.utils import url_path_join -from kubernetes_asyncio import client -from tornado.httpclient import AsyncHTTPClient - -# Make sure that modules placed in the same directory as the jupyterhub config are added to the pythonpath -configuration_directory = os.path.dirname(os.path.realpath(__file__)) -sys.path.insert(0, configuration_directory) - -from z2jh import ( - get_config, - get_name, - get_name_env, - get_secret_value, - set_config_if_not_none, -) - - -def camelCaseify(s): - """convert snake_case to camelCase - - For the common case where some_value is set from someValue - so we don't have to specify the name twice. - """ - return re.sub(r"_([a-z])", lambda m: m.group(1).upper(), s) - - -# Configure JupyterHub to use the curl backend for making HTTP requests, -# rather than the pure-python implementations. The default one starts -# being too slow to make a large number of requests to the proxy API -# at the rate required. -AsyncHTTPClient.configure("tornado.curl_httpclient.CurlAsyncHTTPClient") - -c.JupyterHub.spawner_class = "kubespawner.KubeSpawner" - -# Connect to a proxy running in a different pod. 
Note that *_SERVICE_* -# environment variables are set by Kubernetes for Services -c.ConfigurableHTTPProxy.api_url = ( - f'http://{get_name("proxy-api")}:{get_name_env("proxy-api", "_SERVICE_PORT")}' -) -c.ConfigurableHTTPProxy.should_start = False - -# Do not shut down user pods when hub is restarted -c.JupyterHub.cleanup_servers = False - -# Check that the proxy has routes appropriately setup -c.JupyterHub.last_activity_interval = 60 - -# Don't wait at all before redirecting a spawning user to the progress page -c.JupyterHub.tornado_settings = { - "slow_spawn_timeout": 0, -} - - -# configure the hub db connection -db_type = get_config("hub.db.type") -if db_type == "sqlite-pvc": - c.JupyterHub.db_url = "sqlite:///jupyterhub.sqlite" -elif db_type == "sqlite-memory": - c.JupyterHub.db_url = "sqlite://" -else: - set_config_if_not_none(c.JupyterHub, "db_url", "hub.db.url") -db_password = get_secret_value("hub.db.password", None) -if db_password is not None: - if db_type == "mysql": - os.environ["MYSQL_PWD"] = db_password - elif db_type == "postgres": - os.environ["PGPASSWORD"] = db_password - else: - print(f"Warning: hub.db.password is ignored for hub.db.type={db_type}") - - -# c.JupyterHub configuration from Helm chart's configmap -for trait, cfg_key in ( - ("concurrent_spawn_limit", None), - ("active_server_limit", None), - ("base_url", None), - ("allow_named_servers", None), - ("named_server_limit_per_user", None), - ("authenticate_prometheus", None), - ("redirect_to_server", None), - ("shutdown_on_logout", None), - ("template_paths", None), - ("template_vars", None), -): - if cfg_key is None: - cfg_key = camelCaseify(trait) - set_config_if_not_none(c.JupyterHub, trait, "hub." + cfg_key) - -# hub_bind_url configures what the JupyterHub process within the hub pod's -# container should listen to. 
-hub_container_port = 8081 -c.JupyterHub.hub_bind_url = f"http://:{hub_container_port}" - -# hub_connect_url is the URL for connecting to the hub for use by external -# JupyterHub services such as the proxy. Note that *_SERVICE_* environment -# variables are set by Kubernetes for Services. -c.JupyterHub.hub_connect_url = ( - f'http://{get_name("hub")}:{get_name_env("hub", "_SERVICE_PORT")}' -) - -# implement common labels -# This mimics the jupyterhub.commonLabels helper, but declares managed-by to -# kubespawner instead of helm. -# -# The labels app and release are old labels enabled to be deleted in z2jh 5, but -# for now retained to avoid a breaking change in z2jh 4 that would force user -# server restarts. Restarts would be required because NetworkPolicy resources -# must select old/new pods with labels that then needs to be seen on both -# old/new pods, and we want these resources to keep functioning for old/new user -# server pods during an upgrade. -# -common_labels = c.KubeSpawner.common_labels = {} -common_labels["app.kubernetes.io/name"] = common_labels["app"] = get_config( - "nameOverride", - default=get_config("Chart.Name", "jupyterhub"), -) -release = get_config("Release.Name") -if release: - common_labels["app.kubernetes.io/instance"] = common_labels["release"] = release -chart_name = get_config("Chart.Name") -chart_version = get_config("Chart.Version") -if chart_name and chart_version: - common_labels["helm.sh/chart"] = common_labels["chart"] = ( - f"{chart_name}-{chart_version.replace('+', '_')}" - ) -common_labels["app.kubernetes.io/managed-by"] = "kubespawner" - -c.KubeSpawner.namespace = os.environ.get("POD_NAMESPACE", "default") - -# Max number of consecutive failures before the Hub restarts itself -set_config_if_not_none( - c.Spawner, - "consecutive_failure_limit", - "hub.consecutiveFailureLimit", -) - -for trait, cfg_key in ( - ("pod_name_template", None), - ("start_timeout", None), - ("image_pull_policy", "image.pullPolicy"), - # 
('image_pull_secrets', 'image.pullSecrets'), # Managed manually below - ("events_enabled", "events"), - ("extra_labels", None), - ("extra_annotations", None), - # ("allow_privilege_escalation", None), # Managed manually below - ("uid", None), - ("fs_gid", None), - ("service_account", "serviceAccountName"), - ("storage_extra_labels", "storage.extraLabels"), - # ("tolerations", "extraTolerations"), # Managed manually below - ("node_selector", None), - ("node_affinity_required", "extraNodeAffinity.required"), - ("node_affinity_preferred", "extraNodeAffinity.preferred"), - ("pod_affinity_required", "extraPodAffinity.required"), - ("pod_affinity_preferred", "extraPodAffinity.preferred"), - ("pod_anti_affinity_required", "extraPodAntiAffinity.required"), - ("pod_anti_affinity_preferred", "extraPodAntiAffinity.preferred"), - ("lifecycle_hooks", None), - ("init_containers", None), - ("extra_containers", None), - ("mem_limit", "memory.limit"), - ("mem_guarantee", "memory.guarantee"), - ("cpu_limit", "cpu.limit"), - ("cpu_guarantee", "cpu.guarantee"), - ("extra_resource_limits", "extraResource.limits"), - ("extra_resource_guarantees", "extraResource.guarantees"), - ("environment", "extraEnv"), - ("profile_list", None), - ("extra_pod_config", None), -): - if cfg_key is None: - cfg_key = camelCaseify(trait) - set_config_if_not_none(c.KubeSpawner, trait, "singleuser." + cfg_key) - -image = get_config("singleuser.image.name") -if image: - tag = get_config("singleuser.image.tag") - if tag: - image = f"{image}:{tag}" - - c.KubeSpawner.image = image - -# allow_privilege_escalation defaults to False in KubeSpawner 2+. Since its a -# property where None, False, and True all are valid values that users of the -# Helm chart may want to set, we can't use the set_config_if_not_none helper -# function as someone may want to override the default False value to None. 
-# -c.KubeSpawner.allow_privilege_escalation = get_config( - "singleuser.allowPrivilegeEscalation" -) - -# Combine imagePullSecret.create (single), imagePullSecrets (list), and -# singleuser.image.pullSecrets (list). -image_pull_secrets = [] -if get_config("imagePullSecret.automaticReferenceInjection") and get_config( - "imagePullSecret.create" -): - image_pull_secrets.append(get_name("image-pull-secret")) -if get_config("imagePullSecrets"): - image_pull_secrets.extend(get_config("imagePullSecrets")) -if get_config("singleuser.image.pullSecrets"): - image_pull_secrets.extend(get_config("singleuser.image.pullSecrets")) -if image_pull_secrets: - c.KubeSpawner.image_pull_secrets = image_pull_secrets - -# scheduling: -if get_config("scheduling.userScheduler.enabled"): - c.KubeSpawner.scheduler_name = get_name("user-scheduler") -if get_config("scheduling.podPriority.enabled"): - c.KubeSpawner.priority_class_name = get_name("priority") - -# add node-purpose affinity -match_node_purpose = "prefer" -if match_node_purpose: - node_selector = dict( - matchExpressions=[ - dict( - key="hub.jupyter.org/node-purpose", - operator="In", - values=["user"], - ) - ], - ) - if match_node_purpose == "prefer": - c.KubeSpawner.node_affinity_preferred.append( - dict( - weight=100, - preference=node_selector, - ), - ) - elif match_node_purpose == "require": - c.KubeSpawner.node_affinity_required.append(node_selector) - elif match_node_purpose == "ignore": - pass - else: - raise ValueError( - f"Unrecognized value for matchNodePurpose: {match_node_purpose}" - ) - -# Combine the common tolerations for user pods with singleuser tolerations -scheduling_user_pods_tolerations = [ - { - "key": "hub.jupyter.org/dedicated", - "operator": "Equal", - "value": "user", - "effect": "NoSchedule", - }, - { - "key": "hub.jupyter.org_dedicated", - "operator": "Equal", - "value": "user", - "effect": "NoSchedule", - } -] -singleuser_extra_tolerations = get_config("singleuser.extraTolerations", []) -tolerations 
= scheduling_user_pods_tolerations + singleuser_extra_tolerations -if tolerations: - c.KubeSpawner.tolerations = tolerations - -# Configure dynamically provisioning pvc -storage_type = get_config("singleuser.storage.type") -if storage_type == "dynamic": - pvc_name_template = get_config("singleuser.storage.dynamic.pvcNameTemplate") - if pvc_name_template: - c.KubeSpawner.pvc_name_template = pvc_name_template - volume_name_template = get_config("singleuser.storage.dynamic.volumeNameTemplate") - c.KubeSpawner.storage_pvc_ensure = True - set_config_if_not_none( - c.KubeSpawner, "storage_class", "singleuser.storage.dynamic.storageClass" - ) - set_config_if_not_none( - c.KubeSpawner, - "storage_access_modes", - "singleuser.storage.dynamic.storageAccessModes", - ) - set_config_if_not_none( - c.KubeSpawner, "storage_capacity", "singleuser.storage.capacity" - ) - - # Add volumes to singleuser pods - c.KubeSpawner.volumes = [ - { - "name": volume_name_template, - "persistentVolumeClaim": {"claimName": "{pvc_name}"}, - } - ] - c.KubeSpawner.volume_mounts = [ - { - "mountPath": get_config("singleuser.storage.homeMountPath"), - "name": volume_name_template, - "subPath": get_config("singleuser.storage.dynamic.subPath"), - } - ] -elif storage_type == "static": - pvc_claim_name = get_config("singleuser.storage.static.pvcName") - c.KubeSpawner.volumes = [ - {"name": "home", "persistentVolumeClaim": {"claimName": pvc_claim_name}} - ] - - c.KubeSpawner.volume_mounts = [ - { - "mountPath": get_config("singleuser.storage.homeMountPath"), - "name": "home", - "subPath": get_config("singleuser.storage.static.subPath"), - } - ] - -# Inject singleuser.extraFiles as volumes and volumeMounts with data loaded from -# the dedicated k8s Secret prepared to hold the extraFiles actual content. 
-extra_files = get_config("singleuser.extraFiles", {}) -if extra_files: - volume = { - "name": "files", - } - items = [] - for file_key, file_details in extra_files.items(): - # Each item is a mapping of a key in the k8s Secret to a path in this - # abstract volume, the goal is to enable us to set the mode / - # permissions only though so we don't change the mapping. - item = { - "key": file_key, - "path": file_key, - } - if "mode" in file_details: - item["mode"] = file_details["mode"] - items.append(item) - volume["secret"] = { - "secretName": get_name("singleuser"), - "items": items, - } - c.KubeSpawner.volumes.append(volume) - - volume_mounts = [] - for file_key, file_details in extra_files.items(): - volume_mounts.append( - { - "mountPath": file_details["mountPath"], - "subPath": file_key, - "name": "files", - } - ) - c.KubeSpawner.volume_mounts.extend(volume_mounts) - -# Inject extraVolumes / extraVolumeMounts -c.KubeSpawner.volumes.extend(get_config("singleuser.storage.extraVolumes", [])) -c.KubeSpawner.volume_mounts.extend( - get_config("singleuser.storage.extraVolumeMounts", []) -) - -c.JupyterHub.services = [] -c.JupyterHub.load_roles = [] - -# jupyterhub-idle-culler's permissions are scoped to what it needs only, see -# https://github.com/jupyterhub/jupyterhub-idle-culler#permissions. 
-# -if get_config("cull.enabled", False): - jupyterhub_idle_culler_role = { - "name": "jupyterhub-idle-culler", - "scopes": [ - "list:users", - "read:users:activity", - "read:servers", - "delete:servers", - # "admin:users", # dynamically added if --cull-users is passed - ], - # assign the role to a jupyterhub service, so it gains these permissions - "services": ["jupyterhub-idle-culler"], - } - - cull_cmd = ["python3", "-m", "jupyterhub_idle_culler"] - base_url = c.JupyterHub.get("base_url", "/") - cull_cmd.append("--url=http://localhost:8081" + url_path_join(base_url, "hub/api")) - - cull_timeout = get_config("cull.timeout") - if cull_timeout: - cull_cmd.append(f"--timeout={cull_timeout}") - - cull_every = get_config("cull.every") - if cull_every: - cull_cmd.append(f"--cull-every={cull_every}") - - cull_concurrency = get_config("cull.concurrency") - if cull_concurrency: - cull_cmd.append(f"--concurrency={cull_concurrency}") - - if get_config("cull.users"): - cull_cmd.append("--cull-users") - jupyterhub_idle_culler_role["scopes"].append("admin:users") - - if not get_config("cull.adminUsers"): - cull_cmd.append("--cull-admin-users=false") - - if get_config("cull.removeNamedServers"): - cull_cmd.append("--remove-named-servers") - - cull_max_age = get_config("cull.maxAge") - if cull_max_age: - cull_cmd.append(f"--max-age={cull_max_age}") - - c.JupyterHub.services.append( - { - "name": "jupyterhub-idle-culler", - "command": cull_cmd, - } - ) - c.JupyterHub.load_roles.append(jupyterhub_idle_culler_role) - -for key, service in get_config("hub.services", {}).items(): - # c.JupyterHub.services is a list of dicts, but - # hub.services is a dict of dicts to make the config mergable - service.setdefault("name", key) - - # As the api_token could be exposed in hub.existingSecret, we need to read - # it it from there or fall back to the chart managed k8s Secret's value. 
- service.pop("apiToken", None) - service["api_token"] = get_secret_value(f"hub.services.{key}.apiToken") - - c.JupyterHub.services.append(service) - -for key, role in get_config("hub.loadRoles", {}).items(): - # c.JupyterHub.load_roles is a list of dicts, but - # hub.loadRoles is a dict of dicts to make the config mergable - role.setdefault("name", key) - - c.JupyterHub.load_roles.append(role) - -# respect explicit null command (distinct from unspecified) -# this avoids relying on KubeSpawner.cmd's default being None -_unspecified = object() -specified_cmd = "jupyterhub-singleuser" -if specified_cmd is not _unspecified: - c.Spawner.cmd = specified_cmd - -set_config_if_not_none(c.Spawner, "default_url", "singleuser.defaultUrl") - -cloud_metadata = get_config("singleuser.cloudMetadata") - -if cloud_metadata.get("blockWithIptables") == True: - # Use iptables to block access to cloud metadata by default - network_tools_image_name = get_config("singleuser.networkTools.image.name") - network_tools_image_tag = get_config("singleuser.networkTools.image.tag") - network_tools_resources = get_config("singleuser.networkTools.resources") - ip = cloud_metadata["ip"] - ip_block_container = client.V1Container( - name="block-cloud-metadata", - image=f"{network_tools_image_name}:{network_tools_image_tag}", - command=[ - "iptables", - "--append", - "OUTPUT", - "--protocol", - "tcp", - "--destination", - ip, - "--destination-port", - "80", - "--jump", - "DROP", - ], - security_context=client.V1SecurityContext( - privileged=True, - run_as_user=0, - capabilities=client.V1Capabilities(add=["NET_ADMIN"]), - ), - resources=network_tools_resources, - ) - - c.KubeSpawner.init_containers.append(ip_block_container) - - -if get_config("debug.enabled", False): - c.JupyterHub.log_level = "DEBUG" - c.Spawner.debug = True - -# load potentially seeded secrets -# -# NOTE: ConfigurableHTTPProxy.auth_token is set through an environment variable -# that is set using the chart managed secret. 
-c.JupyterHub.cookie_secret = get_secret_value("hub.config.JupyterHub.cookie_secret") -# NOTE: CryptKeeper.keys should be a list of strings, but we have encoded as a -# single string joined with ; in the k8s Secret. -# -c.CryptKeeper.keys = get_secret_value("hub.config.CryptKeeper.keys").split(";") - -# load hub.config values, except potentially seeded secrets already loaded -for app, cfg in get_config("hub.config", {}).items(): - if app == "JupyterHub": - cfg.pop("proxy_auth_token", None) - cfg.pop("cookie_secret", None) - cfg.pop("services", None) - elif app == "ConfigurableHTTPProxy": - cfg.pop("auth_token", None) - elif app == "CryptKeeper": - cfg.pop("keys", None) - c[app].update(cfg) - -# load /usr/local/etc/jupyterhub/jupyterhub_config.d config files -config_dir = "/usr/local/etc/jupyterhub/jupyterhub_config.d" -if os.path.isdir(config_dir): - for file_path in sorted(glob.glob(f"{config_dir}/*.py")): - file_name = os.path.basename(file_path) - print(f"Loading {config_dir} config: {file_name}") - with open(file_path) as f: - file_content = f.read() - # compiling makes debugging easier: https://stackoverflow.com/a/437857 - exec(compile(source=file_content, filename=file_name, mode="exec")) - -# execute hub.extraConfig entries -for key, config_py in sorted(get_config("hub.extraConfig", {}).items()): - print(f"Loading extra config: {key}") - exec(config_py) +# load the config object (satisfies linters) +c = get_config() # noqa + +import glob +import os +import re +import sys + +from jupyterhub.utils import url_path_join +from kubernetes_asyncio import client +from tornado.httpclient import AsyncHTTPClient + +# Make sure that modules placed in the same directory as the jupyterhub config are added to the pythonpath +configuration_directory = os.path.dirname(os.path.realpath(__file__)) +sys.path.insert(0, configuration_directory) + +from z2jh import ( + get_config, + get_name, + get_name_env, + get_secret_value, + set_config_if_not_none, +) + + +def 
camelCaseify(s): + """convert snake_case to camelCase + + For the common case where some_value is set from someValue + so we don't have to specify the name twice. + """ + return re.sub(r"_([a-z])", lambda m: m.group(1).upper(), s) + + +# Configure JupyterHub to use the curl backend for making HTTP requests, +# rather than the pure-python implementations. The default one starts +# being too slow to make a large number of requests to the proxy API +# at the rate required. +AsyncHTTPClient.configure("tornado.curl_httpclient.CurlAsyncHTTPClient") + +c.JupyterHub.spawner_class = "kubespawner.KubeSpawner" + +# Connect to a proxy running in a different pod. Note that *_SERVICE_* +# environment variables are set by Kubernetes for Services +c.ConfigurableHTTPProxy.api_url = ( + f'http://{get_name("proxy-api")}:{get_name_env("proxy-api", "_SERVICE_PORT")}' +) +c.ConfigurableHTTPProxy.should_start = False + +# Do not shut down user pods when hub is restarted +c.JupyterHub.cleanup_servers = False + +# Check that the proxy has routes appropriately setup +c.JupyterHub.last_activity_interval = 60 + +# Don't wait at all before redirecting a spawning user to the progress page +c.JupyterHub.tornado_settings = { + "slow_spawn_timeout": 0, +} + + +# configure the hub db connection +db_type = get_config("hub.db.type") +if db_type == "sqlite-pvc": + c.JupyterHub.db_url = "sqlite:///jupyterhub.sqlite" +elif db_type == "sqlite-memory": + c.JupyterHub.db_url = "sqlite://" +else: + set_config_if_not_none(c.JupyterHub, "db_url", "hub.db.url") +db_password = get_secret_value("hub.db.password", None) +if db_password is not None: + if db_type == "mysql": + os.environ["MYSQL_PWD"] = db_password + elif db_type == "postgres": + os.environ["PGPASSWORD"] = db_password + else: + print(f"Warning: hub.db.password is ignored for hub.db.type={db_type}") + + +# c.JupyterHub configuration from Helm chart's configmap +for trait, cfg_key in ( + ("concurrent_spawn_limit", None), + ("active_server_limit", 
None), + ("base_url", None), + ("allow_named_servers", None), + ("named_server_limit_per_user", None), + ("authenticate_prometheus", None), + ("redirect_to_server", None), + ("shutdown_on_logout", None), + ("template_paths", None), + ("template_vars", None), +): + if cfg_key is None: + cfg_key = camelCaseify(trait) + set_config_if_not_none(c.JupyterHub, trait, "hub." + cfg_key) + +# hub_bind_url configures what the JupyterHub process within the hub pod's +# container should listen to. +hub_container_port = 8081 +c.JupyterHub.hub_bind_url = f"http://:{hub_container_port}" + +# hub_connect_url is the URL for connecting to the hub for use by external +# JupyterHub services such as the proxy. Note that *_SERVICE_* environment +# variables are set by Kubernetes for Services. +c.JupyterHub.hub_connect_url = ( + f'http://{get_name("hub")}:{get_name_env("hub", "_SERVICE_PORT")}' +) + +# implement common labels +# This mimics the jupyterhub.commonLabels helper, but declares managed-by to +# kubespawner instead of helm. +# +# The labels app and release are old labels enabled to be deleted in z2jh 5, but +# for now retained to avoid a breaking change in z2jh 4 that would force user +# server restarts. Restarts would be required because NetworkPolicy resources +# must select old/new pods with labels that then needs to be seen on both +# old/new pods, and we want these resources to keep functioning for old/new user +# server pods during an upgrade. 
+# +common_labels = c.KubeSpawner.common_labels = {} +common_labels["app.kubernetes.io/name"] = common_labels["app"] = get_config( + "nameOverride", + default=get_config("Chart.Name", "jupyterhub"), +) +release = get_config("Release.Name") +if release: + common_labels["app.kubernetes.io/instance"] = common_labels["release"] = release +chart_name = get_config("Chart.Name") +chart_version = get_config("Chart.Version") +if chart_name and chart_version: + common_labels["helm.sh/chart"] = common_labels["chart"] = ( + f"{chart_name}-{chart_version.replace('+', '_')}" + ) +common_labels["app.kubernetes.io/managed-by"] = "kubespawner" + +c.KubeSpawner.namespace = os.environ.get("POD_NAMESPACE", "default") + +# Max number of consecutive failures before the Hub restarts itself +set_config_if_not_none( + c.Spawner, + "consecutive_failure_limit", + "hub.consecutiveFailureLimit", +) + +for trait, cfg_key in ( + ("pod_name_template", None), + ("start_timeout", None), + ("image_pull_policy", "image.pullPolicy"), + # ('image_pull_secrets', 'image.pullSecrets'), # Managed manually below + ("events_enabled", "events"), + ("extra_labels", None), + ("extra_annotations", None), + # ("allow_privilege_escalation", None), # Managed manually below + ("uid", None), + ("fs_gid", None), + ("service_account", "serviceAccountName"), + ("storage_extra_labels", "storage.extraLabels"), + # ("tolerations", "extraTolerations"), # Managed manually below + ("node_selector", None), + ("node_affinity_required", "extraNodeAffinity.required"), + ("node_affinity_preferred", "extraNodeAffinity.preferred"), + ("pod_affinity_required", "extraPodAffinity.required"), + ("pod_affinity_preferred", "extraPodAffinity.preferred"), + ("pod_anti_affinity_required", "extraPodAntiAffinity.required"), + ("pod_anti_affinity_preferred", "extraPodAntiAffinity.preferred"), + ("lifecycle_hooks", None), + ("init_containers", None), + ("extra_containers", None), + ("mem_limit", "memory.limit"), + ("mem_guarantee", 
"memory.guarantee"), + ("cpu_limit", "cpu.limit"), + ("cpu_guarantee", "cpu.guarantee"), + ("extra_resource_limits", "extraResource.limits"), + ("extra_resource_guarantees", "extraResource.guarantees"), + ("environment", "extraEnv"), + ("profile_list", None), + ("extra_pod_config", None), +): + if cfg_key is None: + cfg_key = camelCaseify(trait) + set_config_if_not_none(c.KubeSpawner, trait, "singleuser." + cfg_key) + +image = get_config("singleuser.image.name") +if image: + tag = get_config("singleuser.image.tag") + if tag: + image = f"{image}:{tag}" + + c.KubeSpawner.image = image + +# allow_privilege_escalation defaults to False in KubeSpawner 2+. Since its a +# property where None, False, and True all are valid values that users of the +# Helm chart may want to set, we can't use the set_config_if_not_none helper +# function as someone may want to override the default False value to None. +# +c.KubeSpawner.allow_privilege_escalation = get_config( + "singleuser.allowPrivilegeEscalation" +) + +# Combine imagePullSecret.create (single), imagePullSecrets (list), and +# singleuser.image.pullSecrets (list). 
+image_pull_secrets = [] +if get_config("imagePullSecret.automaticReferenceInjection") and get_config( + "imagePullSecret.create" +): + image_pull_secrets.append(get_name("image-pull-secret")) +if get_config("imagePullSecrets"): + image_pull_secrets.extend(get_config("imagePullSecrets")) +if get_config("singleuser.image.pullSecrets"): + image_pull_secrets.extend(get_config("singleuser.image.pullSecrets")) +if image_pull_secrets: + c.KubeSpawner.image_pull_secrets = image_pull_secrets + +# scheduling: +if get_config("scheduling.userScheduler.enabled"): + c.KubeSpawner.scheduler_name = get_name("user-scheduler") +if get_config("scheduling.podPriority.enabled"): + c.KubeSpawner.priority_class_name = get_name("priority") + +# add node-purpose affinity +match_node_purpose = "prefer" +if match_node_purpose: + node_selector = dict( + matchExpressions=[ + dict( + key="hub.jupyter.org/node-purpose", + operator="In", + values=["user"], + ) + ], + ) + if match_node_purpose == "prefer": + c.KubeSpawner.node_affinity_preferred.append( + dict( + weight=100, + preference=node_selector, + ), + ) + elif match_node_purpose == "require": + c.KubeSpawner.node_affinity_required.append(node_selector) + elif match_node_purpose == "ignore": + pass + else: + raise ValueError( + f"Unrecognized value for matchNodePurpose: {match_node_purpose}" + ) + +# Combine the common tolerations for user pods with singleuser tolerations +scheduling_user_pods_tolerations = [ + { + "key": "hub.jupyter.org/dedicated", + "operator": "Equal", + "value": "user", + "effect": "NoSchedule", + }, + { + "key": "hub.jupyter.org_dedicated", + "operator": "Equal", + "value": "user", + "effect": "NoSchedule", + } +] +singleuser_extra_tolerations = get_config("singleuser.extraTolerations", []) +tolerations = scheduling_user_pods_tolerations + singleuser_extra_tolerations +if tolerations: + c.KubeSpawner.tolerations = tolerations + +# Configure dynamically provisioning pvc +storage_type = 
get_config("singleuser.storage.type") +if storage_type == "dynamic": + pvc_name_template = get_config("singleuser.storage.dynamic.pvcNameTemplate") + if pvc_name_template: + c.KubeSpawner.pvc_name_template = pvc_name_template + volume_name_template = get_config("singleuser.storage.dynamic.volumeNameTemplate") + c.KubeSpawner.storage_pvc_ensure = True + set_config_if_not_none( + c.KubeSpawner, "storage_class", "singleuser.storage.dynamic.storageClass" + ) + set_config_if_not_none( + c.KubeSpawner, + "storage_access_modes", + "singleuser.storage.dynamic.storageAccessModes", + ) + set_config_if_not_none( + c.KubeSpawner, "storage_capacity", "singleuser.storage.capacity" + ) + + # Add volumes to singleuser pods + c.KubeSpawner.volumes = [ + { + "name": volume_name_template, + "persistentVolumeClaim": {"claimName": "{pvc_name}"}, + } + ] + c.KubeSpawner.volume_mounts = [ + { + "mountPath": get_config("singleuser.storage.homeMountPath"), + "name": volume_name_template, + "subPath": get_config("singleuser.storage.dynamic.subPath"), + } + ] +elif storage_type == "static": + pvc_claim_name = get_config("singleuser.storage.static.pvcName") + c.KubeSpawner.volumes = [ + {"name": "home", "persistentVolumeClaim": {"claimName": pvc_claim_name}} + ] + + c.KubeSpawner.volume_mounts = [ + { + "mountPath": get_config("singleuser.storage.homeMountPath"), + "name": "home", + "subPath": get_config("singleuser.storage.static.subPath"), + } + ] + +# Inject singleuser.extraFiles as volumes and volumeMounts with data loaded from +# the dedicated k8s Secret prepared to hold the extraFiles actual content. +extra_files = get_config("singleuser.extraFiles", {}) +if extra_files: + volume = { + "name": "files", + } + items = [] + for file_key, file_details in extra_files.items(): + # Each item is a mapping of a key in the k8s Secret to a path in this + # abstract volume, the goal is to enable us to set the mode / + # permissions only though so we don't change the mapping. 
+ item = { + "key": file_key, + "path": file_key, + } + if "mode" in file_details: + item["mode"] = file_details["mode"] + items.append(item) + volume["secret"] = { + "secretName": get_name("singleuser"), + "items": items, + } + c.KubeSpawner.volumes.append(volume) + + volume_mounts = [] + for file_key, file_details in extra_files.items(): + volume_mounts.append( + { + "mountPath": file_details["mountPath"], + "subPath": file_key, + "name": "files", + } + ) + c.KubeSpawner.volume_mounts.extend(volume_mounts) + +# Inject extraVolumes / extraVolumeMounts +c.KubeSpawner.volumes.extend(get_config("singleuser.storage.extraVolumes", [])) +c.KubeSpawner.volume_mounts.extend( + get_config("singleuser.storage.extraVolumeMounts", []) +) + +c.JupyterHub.services = [] +c.JupyterHub.load_roles = [] + +# jupyterhub-idle-culler's permissions are scoped to what it needs only, see +# https://github.com/jupyterhub/jupyterhub-idle-culler#permissions. +# +if get_config("cull.enabled", False): + jupyterhub_idle_culler_role = { + "name": "jupyterhub-idle-culler", + "scopes": [ + "list:users", + "read:users:activity", + "read:servers", + "delete:servers", + # "admin:users", # dynamically added if --cull-users is passed + ], + # assign the role to a jupyterhub service, so it gains these permissions + "services": ["jupyterhub-idle-culler"], + } + + cull_cmd = ["python3", "-m", "jupyterhub_idle_culler"] + base_url = c.JupyterHub.get("base_url", "/") + cull_cmd.append("--url=http://localhost:8081" + url_path_join(base_url, "hub/api")) + + cull_timeout = get_config("cull.timeout") + if cull_timeout: + cull_cmd.append(f"--timeout={cull_timeout}") + + cull_every = get_config("cull.every") + if cull_every: + cull_cmd.append(f"--cull-every={cull_every}") + + cull_concurrency = get_config("cull.concurrency") + if cull_concurrency: + cull_cmd.append(f"--concurrency={cull_concurrency}") + + if get_config("cull.users"): + cull_cmd.append("--cull-users") + 
jupyterhub_idle_culler_role["scopes"].append("admin:users") + + if not get_config("cull.adminUsers"): + cull_cmd.append("--cull-admin-users=false") + + if get_config("cull.removeNamedServers"): + cull_cmd.append("--remove-named-servers") + + cull_max_age = get_config("cull.maxAge") + if cull_max_age: + cull_cmd.append(f"--max-age={cull_max_age}") + + c.JupyterHub.services.append( + { + "name": "jupyterhub-idle-culler", + "command": cull_cmd, + } + ) + c.JupyterHub.load_roles.append(jupyterhub_idle_culler_role) + +for key, service in get_config("hub.services", {}).items(): + # c.JupyterHub.services is a list of dicts, but + # hub.services is a dict of dicts to make the config mergable + service.setdefault("name", key) + + # As the api_token could be exposed in hub.existingSecret, we need to read + # it it from there or fall back to the chart managed k8s Secret's value. + service.pop("apiToken", None) + service["api_token"] = get_secret_value(f"hub.services.{key}.apiToken") + + c.JupyterHub.services.append(service) + +for key, role in get_config("hub.loadRoles", {}).items(): + # c.JupyterHub.load_roles is a list of dicts, but + # hub.loadRoles is a dict of dicts to make the config mergable + role.setdefault("name", key) + + c.JupyterHub.load_roles.append(role) + +# respect explicit null command (distinct from unspecified) +# this avoids relying on KubeSpawner.cmd's default being None +_unspecified = object() +specified_cmd = "jupyterhub-singleuser" +if specified_cmd is not _unspecified: + c.Spawner.cmd = specified_cmd + +set_config_if_not_none(c.Spawner, "default_url", "singleuser.defaultUrl") + +cloud_metadata = get_config("singleuser.cloudMetadata") + +if cloud_metadata.get("blockWithIptables") == True: + # Use iptables to block access to cloud metadata by default + network_tools_image_name = get_config("singleuser.networkTools.image.name") + network_tools_image_tag = get_config("singleuser.networkTools.image.tag") + network_tools_resources = 
get_config("singleuser.networkTools.resources") + ip = cloud_metadata["ip"] + ip_block_container = client.V1Container( + name="block-cloud-metadata", + image=f"{network_tools_image_name}:{network_tools_image_tag}", + command=[ + "iptables", + "--append", + "OUTPUT", + "--protocol", + "tcp", + "--destination", + ip, + "--destination-port", + "80", + "--jump", + "DROP", + ], + security_context=client.V1SecurityContext( + privileged=True, + run_as_user=0, + capabilities=client.V1Capabilities(add=["NET_ADMIN"]), + ), + resources=network_tools_resources, + ) + + c.KubeSpawner.init_containers.append(ip_block_container) + + +if get_config("debug.enabled", False): + c.JupyterHub.log_level = "DEBUG" + c.Spawner.debug = True + +# load potentially seeded secrets +# +# NOTE: ConfigurableHTTPProxy.auth_token is set through an environment variable +# that is set using the chart managed secret. +c.JupyterHub.cookie_secret = get_secret_value("hub.config.JupyterHub.cookie_secret") +# NOTE: CryptKeeper.keys should be a list of strings, but we have encoded as a +# single string joined with ; in the k8s Secret. 
+# +c.CryptKeeper.keys = get_secret_value("hub.config.CryptKeeper.keys").split(";") + +# load hub.config values, except potentially seeded secrets already loaded +for app, cfg in get_config("hub.config", {}).items(): + if app == "JupyterHub": + cfg.pop("proxy_auth_token", None) + cfg.pop("cookie_secret", None) + cfg.pop("services", None) + elif app == "ConfigurableHTTPProxy": + cfg.pop("auth_token", None) + elif app == "CryptKeeper": + cfg.pop("keys", None) + c[app].update(cfg) + +# load /usr/local/etc/jupyterhub/jupyterhub_config.d config files +config_dir = "/usr/local/etc/jupyterhub/jupyterhub_config.d" +if os.path.isdir(config_dir): + for file_path in sorted(glob.glob(f"{config_dir}/*.py")): + file_name = os.path.basename(file_path) + print(f"Loading {config_dir} config: {file_name}") + with open(file_path) as f: + file_content = f.read() + # compiling makes debugging easier: https://stackoverflow.com/a/437857 + exec(compile(source=file_content, filename=file_name, mode="exec")) + +# execute hub.extraConfig entries +for key, config_py in sorted(get_config("hub.extraConfig", {}).items()): + print(f"Loading extra config: {key}") + exec(config_py) diff --git a/charts/jupyterhub/files/hub/z2jh.py b/charts/jupyterhub/files/hub/z2jh.py index f4d7be69..7e610e16 100644 --- a/charts/jupyterhub/files/hub/z2jh.py +++ b/charts/jupyterhub/files/hub/z2jh.py 
@@ -1,122 +1,122 @@
-"""
-Utility methods for use in jupyterhub_config.py and dynamic subconfigs.
-
-Methods here can be imported by extraConfig in values.yaml
-"""
-
-import os
-from collections.abc import Mapping
-from functools import lru_cache
-
-import yaml
-
-
-# memoize so we only load config once
-@lru_cache
-def _load_config():
- """Load the Helm chart configuration used to render the Helm templates of
- the chart from a mounted k8s Secret, and merge in values from an optionally
- mounted secret (hub.existingSecret)."""
-
- cfg = {}
- for source in ("secret/values.yaml", "existing-secret/values.yaml"):
- path = f"/usr/local/etc/jupyterhub/{source}"
- if os.path.exists(path):
- print(f"Loading {path}")
- with open(path) as f:
- values = yaml.safe_load(f)
- cfg = _merge_dictionaries(cfg, values)
- else:
- print(f"No config at {path}")
- return cfg
-
-
-@lru_cache
-def _get_config_value(key):
- """Load value from the k8s ConfigMap given a key."""
-
- path = f"/usr/local/etc/jupyterhub/config/{key}"
- if os.path.exists(path):
- with open(path) as f:
- return f.read()
- else:
- raise Exception(f"{path} not found!")
-
-
-@lru_cache
-def get_secret_value(key, default="never-explicitly-set"):
- """Load value from the user managed k8s Secret or the default k8s Secret
- given a key."""
-
- for source in ("existing-secret", "secret"):
- path = f"/usr/local/etc/jupyterhub/{source}/{key}"
- if os.path.exists(path):
- with open(path) as f:
- return f.read()
- if default != "never-explicitly-set":
- return default
- raise Exception(f"{key} not found in either k8s Secret!")
-
-
-def get_name(name):
- """Returns the fullname of a resource given its short name"""
- return _get_config_value(name)
-
-
-def get_name_env(name, suffix=""):
- """Returns the fullname of a resource given its short name along with a
- suffix, converted to uppercase with dashes replaced with underscores. This
- is useful to reference named services associated environment variables, such
- as PROXY_PUBLIC_SERVICE_PORT."""
- env_key = _get_config_value(name) + suffix
- env_key = env_key.upper().replace("-", "_")
- return os.environ[env_key]
-
-
-def _merge_dictionaries(a, b):
- """Merge two dictionaries recursively.
-
- Simplified From https://stackoverflow.com/a/7205107
- """
- merged = a.copy()
- for key in b:
- if key in a:
- if isinstance(a[key], Mapping) and isinstance(b[key], Mapping):
- merged[key] = _merge_dictionaries(a[key], b[key])
- else:
- merged[key] = b[key]
- else:
- merged[key] = b[key]
- return merged
-
-
-def get_config(key, default=None):
- """
- Find a config item of a given name & return it
-
- Parses everything as YAML, so lists and dicts are available too
-
- get_config("a.b.c") returns config['a']['b']['c']
- """
- value = _load_config()
- # resolve path in yaml
- for level in key.split("."):
- if not isinstance(value, dict):
- # a parent is a scalar or null,
- # can't resolve full path
- return default
- if level not in value:
- return default
- else:
- value = value[level]
- return value
-
-
-def set_config_if_not_none(cparent, name, key):
- """
- Find a config item of a given name, set the corresponding Jupyter
- configuration item if not None
- """
- data = get_config(key)
- if data is not None:
- setattr(cparent, name, data)
+"""
+Utility methods for use in jupyterhub_config.py and dynamic subconfigs.
+
+Methods here can be imported by extraConfig in values.yaml
+"""
+
+import os
+from collections.abc import Mapping
+from functools import lru_cache
+
+import yaml
+
+
+# memoize so we only load config once
+@lru_cache
+def _load_config():
+ """Load the Helm chart configuration used to render the Helm templates of
+ the chart from a mounted k8s Secret, and merge in values from an optionally
+ mounted secret (hub.existingSecret)."""
+
+ cfg = {}
+ for source in ("secret/values.yaml", "existing-secret/values.yaml"):
+ path = f"/usr/local/etc/jupyterhub/{source}"
+ if os.path.exists(path):
+ print(f"Loading {path}")
+ with open(path) as f:
+ values = yaml.safe_load(f)
+ cfg = _merge_dictionaries(cfg, values)
+ else:
+ print(f"No config at {path}")
+ return cfg
+
+
+@lru_cache
+def _get_config_value(key):
+ """Load value from the k8s ConfigMap given a key."""
+
+ path = f"/usr/local/etc/jupyterhub/config/{key}"
+ if os.path.exists(path):
+ with open(path) as f:
+ return f.read()
+ else:
+ raise Exception(f"{path} not found!")
+
+
+@lru_cache
+def get_secret_value(key, default="never-explicitly-set"):
+ """Load value from the user managed k8s Secret or the default k8s Secret
+ given a key."""
+
+ for source in ("existing-secret", "secret"):
+ path = f"/usr/local/etc/jupyterhub/{source}/{key}"
+ if os.path.exists(path):
+ with open(path) as f:
+ return f.read()
+ if default != "never-explicitly-set":
+ return default
+ raise Exception(f"{key} not found in either k8s Secret!")
+
+
+def get_name(name):
+ """Returns the fullname of a resource given its short name"""
+ return _get_config_value(name)
+
+
+def get_name_env(name, suffix=""):
+ """Returns the fullname of a resource given its short name along with a
+ suffix, converted to uppercase with dashes replaced with underscores. This
+ is useful to reference named services associated environment variables, such
+ as PROXY_PUBLIC_SERVICE_PORT."""
+ env_key = _get_config_value(name) + suffix
+ env_key = env_key.upper().replace("-", "_")
+ return os.environ[env_key]
+
+
+def _merge_dictionaries(a, b):
+ """Merge two dictionaries recursively.
+
+ Simplified From https://stackoverflow.com/a/7205107
+ """
+ merged = a.copy()
+ for key in b:
+ if key in a:
+ if isinstance(a[key], Mapping) and isinstance(b[key], Mapping):
+ merged[key] = _merge_dictionaries(a[key], b[key])
+ else:
+ merged[key] = b[key]
+ else:
+ merged[key] = b[key]
+ return merged
+
+
+def get_config(key, default=None):
+ """
+ Find a config item of a given name & return it
+
+ Parses everything as YAML, so lists and dicts are available too
+
+ get_config("a.b.c") returns config['a']['b']['c']
+ """
+ value = _load_config()
+ # resolve path in yaml
+ for level in key.split("."):
+ if not isinstance(value, dict):
+ # a parent is a scalar or null,
+ # can't resolve full path
+ return default
+ if level not in value:
+ return default
+ else:
+ value = value[level]
+ return value
+
+
+def set_config_if_not_none(cparent, name, key):
+ """
+ Find a config item of a given name, set the corresponding Jupyter
+ configuration item if not None
+ """
+ data = get_config(key)
+ if data is not None:
+ setattr(cparent, name, data)
diff --git a/charts/jupyterhub/templates/_helpers-names.tpl b/charts/jupyterhub/templates/_helpers-names.tpl
index 07aa7c0c..14f2520e 100644
--- a/charts/jupyterhub/templates/_helpers-names.tpl
+++ b/charts/jupyterhub/templates/_helpers-names.tpl
@@ -1,213 +1,213 @@ -{{- define "jupyterhub.fullname" -}} - {{- printf "%s-jupyterhub" .Release.Name }} -{{- end }} - - -{{- define "jupyterhub.fullname.dash" -}} - {{- printf "%s-jupyterhub" .Release.Name }} -{{- end }} - - -{{- define "jupyterhub.hub.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}hub -{{- end }} - -{{- define "jupyterhub.hub-serviceaccount.fullname" -}} - {{ include "jupyterhub.hub.fullname" . }}-sa -{{- end }} - -{{- /* hub PVC */}} -{{- define "jupyterhub.hub-pvc.fullname" -}} - jupyterhub-db-dir -{{- end }} - -{{- /* proxy Deployment */}} -{{- define "jupyterhub.proxy.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}proxy -{{- end }} - -{{- /* proxy-api Service */}} -{{- define "jupyterhub.proxy-api.fullname" -}} - {{- include "jupyterhub.proxy.fullname" . }}-api -{{- end }} - -{{- /* proxy-http Service */}} -{{- define "jupyterhub.proxy-http.fullname" -}} - {{- include "jupyterhub.proxy.fullname" . }}-http -{{- end }} - -{{- /* proxy-public Service */}} -{{- define "jupyterhub.proxy-public.fullname" -}} - jupyterhub-public -{{- end }} - -{{- /* proxy-public-tls Secret */}} -{{- define "jupyterhub.proxy-public-tls.fullname" -}} - {{- include "jupyterhub.proxy-public.fullname" . }}-tls-acme -{{- end }} - -{{- /* proxy-public-manual-tls Secret */}} -{{- define "jupyterhub.proxy-public-manual-tls.fullname" -}} - {{- include "jupyterhub.proxy-public.fullname" . }}-manual-tls -{{- end }} - -{{- /* autohttps Deployment */}} -{{- define "jupyterhub.autohttps.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}autohttps -{{- end }} - -{{- /* autohttps-serviceaccount ServiceAccount */}} -{{- define "jupyterhub.autohttps-serviceaccount.fullname" -}} - {{- printf "%s-sa" (include "jupyterhub.autohttps.fullname" .) }} -{{- end }} - -{{- /* user-scheduler Deployment */}} -{{- define "jupyterhub.user-scheduler-deploy.fullname" -}} - {{- include "jupyterhub.fullname.dash" . 
}}user-scheduler -{{- end }} - -{{- /* user-scheduler-serviceaccount ServiceAccount */}} -{{- define "jupyterhub.user-scheduler-serviceaccount.fullname" -}} - {{- printf "%s-sa" (include "jupyterhub.user-scheduler-deploy.fullname" .) }} -{{- end }} - -{{- /* user-scheduler leader election lock resource */}} -{{- define "jupyterhub.user-scheduler-lock.fullname" -}} - {{- include "jupyterhub.user-scheduler-deploy.fullname" . }}-lock -{{- end }} - -{{- /* user-placeholder StatefulSet */}} -{{- define "jupyterhub.user-placeholder.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}user-placeholder -{{- end }} - -{{- /* image-awaiter Job */}} -{{- define "jupyterhub.hook-image-awaiter.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}hook-image-awaiter -{{- end }} - -{{- /* image-awaiter-serviceaccount ServiceAccount */}} -{{- define "jupyterhub.hook-image-awaiter-serviceaccount.fullname" -}} - {{- include "jupyterhub.hook-image-awaiter.fullname" . }}-sa -{{- end }} - - -{{- /* hook-image-puller DaemonSet */}} -{{- define "jupyterhub.hook-image-puller.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}hook-image-puller -{{- end }} - -{{- /* hook-image-puller ServiceAccount */}} -{{- define "jupyterhub.hook-image-puller-serviceaccount.fullname" -}} - {{- include "jupyterhub.hook-image-puller.fullname" . }}-sa -{{- end }} - -{{- /* continuous-image-puller DaemonSet */}} -{{- define "jupyterhub.continuous-image-puller.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}continuous-image-puller -{{- end }} - -{{- /* continuous-image-puller ServiceAccount */}} -{{- define "jupyterhub.continuous-image-puller-serviceaccount.fullname" -}} - {{- include "jupyterhub.continuous-image-puller.fullname" . }}-sa -{{- end }} - -{{- /* singleuser NetworkPolicy */}} -{{- define "jupyterhub.singleuser.fullname" -}} - {{- include "jupyterhub.fullname.dash" . 
}}singleuser -{{- end }} - -{{- /* image-pull-secret Secret */}} -{{- define "jupyterhub.image-pull-secret.fullname" -}} - {{- include "jupyterhub.fullname.dash" . }}image-pull-secret -{{- end }} - -{{- /* Ingress */}} -{{- define "jupyterhub.ingress.fullname" -}} - {{- if (include "jupyterhub.fullname" .) }} - {{- include "jupyterhub.fullname" . }} - {{- else -}} - jupyterhub - {{- end }} -{{- end }} - - - - - -{{- /* Priority */}} -{{- define "jupyterhub.priority.fullname" -}} - {{- if (include "jupyterhub.fullname" .) }} - {{- include "jupyterhub.fullname" . }} - {{- else }} - {{- .Release.Name }}-default-priority - {{- end }} -{{- end }} - -{{- /* user-placeholder Priority */}} -{{- define "jupyterhub.user-placeholder-priority.fullname" -}} - {{- if (include "jupyterhub.fullname" .) }} - {{- include "jupyterhub.user-placeholder.fullname" . }} - {{- else }} - {{- .Release.Name }}-user-placeholder-priority - {{- end }} -{{- end }} - -{{- /* image-puller Priority */}} -{{- define "jupyterhub.image-puller-priority.fullname" -}} - {{- if (include "jupyterhub.fullname" .) }} - {{- include "jupyterhub.fullname.dash" . }}image-puller - {{- else }} - {{- .Release.Name }}-image-puller-priority - {{- end }} -{{- end }} - -{{- /* user-scheduler's registered name */}} -{{- define "jupyterhub.user-scheduler.fullname" -}} - {{- if (include "jupyterhub.fullname" .) }} - {{- include "jupyterhub.user-scheduler-deploy.fullname" . }} - {{- else }} - {{- .Release.Name }}-user-scheduler - {{- end }} -{{- end }} - - - -{{- /* - A template to render all the named templates in this file for use in the - hub's ConfigMap. - - It is important we keep this in sync with the available templates. -*/}} -{{- define "jupyterhub.name-templates" -}} -fullname: {{ include "jupyterhub.fullname" . | quote }} -fullname-dash: {{ include "jupyterhub.fullname.dash" . | quote }} -hub: {{ include "jupyterhub.hub.fullname" . 
| quote }} -hub-serviceaccount: {{ include "jupyterhub.hub-serviceaccount.fullname" . | quote }} -hub-pvc: {{ include "jupyterhub.hub-pvc.fullname" . | quote }} -proxy: {{ include "jupyterhub.proxy.fullname" . | quote }} -proxy-api: {{ include "jupyterhub.proxy-api.fullname" . | quote }} -proxy-http: {{ include "jupyterhub.proxy-http.fullname" . | quote }} -proxy-public: {{ include "jupyterhub.proxy-public.fullname" . | quote }} -proxy-public-tls: {{ include "jupyterhub.proxy-public-tls.fullname" . | quote }} -proxy-public-manual-tls: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . | quote }} -autohttps: {{ include "jupyterhub.autohttps.fullname" . | quote }} -autohttps-serviceaccount: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . | quote }} -user-scheduler-deploy: {{ include "jupyterhub.user-scheduler-deploy.fullname" . | quote }} -user-scheduler-serviceaccount: {{ include "jupyterhub.user-scheduler-serviceaccount.fullname" . | quote }} -user-scheduler-lock: {{ include "jupyterhub.user-scheduler-lock.fullname" . | quote }} -user-placeholder: {{ include "jupyterhub.user-placeholder.fullname" . | quote }} -image-puller-priority: {{ include "jupyterhub.image-puller-priority.fullname" . | quote }} -hook-image-awaiter: {{ include "jupyterhub.hook-image-awaiter.fullname" . | quote }} -hook-image-awaiter-serviceaccount: {{ include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . | quote }} -hook-image-puller: {{ include "jupyterhub.hook-image-puller.fullname" . | quote }} -hook-image-puller-serviceaccount: {{ include "jupyterhub.hook-image-puller-serviceaccount.fullname" . | quote }} -continuous-image-puller: {{ include "jupyterhub.continuous-image-puller.fullname" . | quote }} -continuous-image-puller-serviceaccount: {{ include "jupyterhub.continuous-image-puller-serviceaccount.fullname" . | quote }} -singleuser: {{ include "jupyterhub.singleuser.fullname" . 
| quote }} -image-pull-secret: {{ include "jupyterhub.image-pull-secret.fullname" . | quote }} -ingress: {{ include "jupyterhub.ingress.fullname" . | quote }} -priority: {{ include "jupyterhub.priority.fullname" . | quote }} -user-placeholder-priority: {{ include "jupyterhub.user-placeholder-priority.fullname" . | quote }} -user-scheduler: {{ include "jupyterhub.user-scheduler.fullname" . | quote }} -{{- end }} +{{- define "jupyterhub.fullname" -}} + {{- printf "%s-jupyterhub" .Release.Name }} +{{- end }} + + +{{- define "jupyterhub.fullname.dash" -}} + {{- printf "%s-jupyterhub" .Release.Name }} +{{- end }} + + +{{- define "jupyterhub.hub.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}hub +{{- end }} + +{{- define "jupyterhub.hub-serviceaccount.fullname" -}} + {{ include "jupyterhub.hub.fullname" . }}-sa +{{- end }} + +{{- /* hub PVC */}} +{{- define "jupyterhub.hub-pvc.fullname" -}} + jupyterhub-db-dir +{{- end }} + +{{- /* proxy Deployment */}} +{{- define "jupyterhub.proxy.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}proxy +{{- end }} + +{{- /* proxy-api Service */}} +{{- define "jupyterhub.proxy-api.fullname" -}} + {{- include "jupyterhub.proxy.fullname" . }}-api +{{- end }} + +{{- /* proxy-http Service */}} +{{- define "jupyterhub.proxy-http.fullname" -}} + {{- include "jupyterhub.proxy.fullname" . }}-http +{{- end }} + +{{- /* proxy-public Service */}} +{{- define "jupyterhub.proxy-public.fullname" -}} + jupyterhub-public +{{- end }} + +{{- /* proxy-public-tls Secret */}} +{{- define "jupyterhub.proxy-public-tls.fullname" -}} + {{- include "jupyterhub.proxy-public.fullname" . }}-tls-acme +{{- end }} + +{{- /* proxy-public-manual-tls Secret */}} +{{- define "jupyterhub.proxy-public-manual-tls.fullname" -}} + {{- include "jupyterhub.proxy-public.fullname" . }}-manual-tls +{{- end }} + +{{- /* autohttps Deployment */}} +{{- define "jupyterhub.autohttps.fullname" -}} + {{- include "jupyterhub.fullname.dash" . 
}}autohttps +{{- end }} + +{{- /* autohttps-serviceaccount ServiceAccount */}} +{{- define "jupyterhub.autohttps-serviceaccount.fullname" -}} + {{- printf "%s-sa" (include "jupyterhub.autohttps.fullname" .) }} +{{- end }} + +{{- /* user-scheduler Deployment */}} +{{- define "jupyterhub.user-scheduler-deploy.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}user-scheduler +{{- end }} + +{{- /* user-scheduler-serviceaccount ServiceAccount */}} +{{- define "jupyterhub.user-scheduler-serviceaccount.fullname" -}} + {{- printf "%s-sa" (include "jupyterhub.user-scheduler-deploy.fullname" .) }} +{{- end }} + +{{- /* user-scheduler leader election lock resource */}} +{{- define "jupyterhub.user-scheduler-lock.fullname" -}} + {{- include "jupyterhub.user-scheduler-deploy.fullname" . }}-lock +{{- end }} + +{{- /* user-placeholder StatefulSet */}} +{{- define "jupyterhub.user-placeholder.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}user-placeholder +{{- end }} + +{{- /* image-awaiter Job */}} +{{- define "jupyterhub.hook-image-awaiter.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}hook-image-awaiter +{{- end }} + +{{- /* image-awaiter-serviceaccount ServiceAccount */}} +{{- define "jupyterhub.hook-image-awaiter-serviceaccount.fullname" -}} + {{- include "jupyterhub.hook-image-awaiter.fullname" . }}-sa +{{- end }} + + +{{- /* hook-image-puller DaemonSet */}} +{{- define "jupyterhub.hook-image-puller.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}hook-image-puller +{{- end }} + +{{- /* hook-image-puller ServiceAccount */}} +{{- define "jupyterhub.hook-image-puller-serviceaccount.fullname" -}} + {{- include "jupyterhub.hook-image-puller.fullname" . }}-sa +{{- end }} + +{{- /* continuous-image-puller DaemonSet */}} +{{- define "jupyterhub.continuous-image-puller.fullname" -}} + {{- include "jupyterhub.fullname.dash" . 
}}continuous-image-puller +{{- end }} + +{{- /* continuous-image-puller ServiceAccount */}} +{{- define "jupyterhub.continuous-image-puller-serviceaccount.fullname" -}} + {{- include "jupyterhub.continuous-image-puller.fullname" . }}-sa +{{- end }} + +{{- /* singleuser NetworkPolicy */}} +{{- define "jupyterhub.singleuser.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}singleuser +{{- end }} + +{{- /* image-pull-secret Secret */}} +{{- define "jupyterhub.image-pull-secret.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}image-pull-secret +{{- end }} + +{{- /* Ingress */}} +{{- define "jupyterhub.ingress.fullname" -}} + {{- if (include "jupyterhub.fullname" .) }} + {{- include "jupyterhub.fullname" . }} + {{- else -}} + jupyterhub + {{- end }} +{{- end }} + + + + + +{{- /* Priority */}} +{{- define "jupyterhub.priority.fullname" -}} + {{- if (include "jupyterhub.fullname" .) }} + {{- include "jupyterhub.fullname" . }} + {{- else }} + {{- .Release.Name }}-default-priority + {{- end }} +{{- end }} + +{{- /* user-placeholder Priority */}} +{{- define "jupyterhub.user-placeholder-priority.fullname" -}} + {{- if (include "jupyterhub.fullname" .) }} + {{- include "jupyterhub.user-placeholder.fullname" . }} + {{- else }} + {{- .Release.Name }}-user-placeholder-priority + {{- end }} +{{- end }} + +{{- /* image-puller Priority */}} +{{- define "jupyterhub.image-puller-priority.fullname" -}} + {{- if (include "jupyterhub.fullname" .) }} + {{- include "jupyterhub.fullname.dash" . }}image-puller + {{- else }} + {{- .Release.Name }}-image-puller-priority + {{- end }} +{{- end }} + +{{- /* user-scheduler's registered name */}} +{{- define "jupyterhub.user-scheduler.fullname" -}} + {{- if (include "jupyterhub.fullname" .) }} + {{- include "jupyterhub.user-scheduler-deploy.fullname" . 
}} + {{- else }} + {{- .Release.Name }}-user-scheduler + {{- end }} +{{- end }} + + + +{{- /* + A template to render all the named templates in this file for use in the + hub's ConfigMap. + + It is important we keep this in sync with the available templates. +*/}} +{{- define "jupyterhub.name-templates" -}} +fullname: {{ include "jupyterhub.fullname" . | quote }} +fullname-dash: {{ include "jupyterhub.fullname.dash" . | quote }} +hub: {{ include "jupyterhub.hub.fullname" . | quote }} +hub-serviceaccount: {{ include "jupyterhub.hub-serviceaccount.fullname" . | quote }} +hub-pvc: {{ include "jupyterhub.hub-pvc.fullname" . | quote }} +proxy: {{ include "jupyterhub.proxy.fullname" . | quote }} +proxy-api: {{ include "jupyterhub.proxy-api.fullname" . | quote }} +proxy-http: {{ include "jupyterhub.proxy-http.fullname" . | quote }} +proxy-public: {{ include "jupyterhub.proxy-public.fullname" . | quote }} +proxy-public-tls: {{ include "jupyterhub.proxy-public-tls.fullname" . | quote }} +proxy-public-manual-tls: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . | quote }} +autohttps: {{ include "jupyterhub.autohttps.fullname" . | quote }} +autohttps-serviceaccount: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . | quote }} +user-scheduler-deploy: {{ include "jupyterhub.user-scheduler-deploy.fullname" . | quote }} +user-scheduler-serviceaccount: {{ include "jupyterhub.user-scheduler-serviceaccount.fullname" . | quote }} +user-scheduler-lock: {{ include "jupyterhub.user-scheduler-lock.fullname" . | quote }} +user-placeholder: {{ include "jupyterhub.user-placeholder.fullname" . | quote }} +image-puller-priority: {{ include "jupyterhub.image-puller-priority.fullname" . | quote }} +hook-image-awaiter: {{ include "jupyterhub.hook-image-awaiter.fullname" . | quote }} +hook-image-awaiter-serviceaccount: {{ include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . | quote }} +hook-image-puller: {{ include "jupyterhub.hook-image-puller.fullname" . 
| quote }} +hook-image-puller-serviceaccount: {{ include "jupyterhub.hook-image-puller-serviceaccount.fullname" . | quote }} +continuous-image-puller: {{ include "jupyterhub.continuous-image-puller.fullname" . | quote }} +continuous-image-puller-serviceaccount: {{ include "jupyterhub.continuous-image-puller-serviceaccount.fullname" . | quote }} +singleuser: {{ include "jupyterhub.singleuser.fullname" . | quote }} +image-pull-secret: {{ include "jupyterhub.image-pull-secret.fullname" . | quote }} +ingress: {{ include "jupyterhub.ingress.fullname" . | quote }} +priority: {{ include "jupyterhub.priority.fullname" . | quote }} +user-placeholder-priority: {{ include "jupyterhub.user-placeholder-priority.fullname" . | quote }} +user-scheduler: {{ include "jupyterhub.user-scheduler.fullname" . | quote }} +{{- end }} diff --git a/charts/jupyterhub/templates/_helpers-netpol.tpl b/charts/jupyterhub/templates/_helpers-netpol.tpl index b32c6510..eb25ef5b 100644 --- a/charts/jupyterhub/templates/_helpers-netpol.tpl +++ b/charts/jupyterhub/templates/_helpers-netpol.tpl 
@@ -1,72 +1,72 @@ -{{- define "jupyterhub.networkPolicy.renderEgressRules" -}} -{{- $root := index . 0 }} -{{- $netpol := index . 1 }} -{{- if or (or $netpol.egressAllowRules.dnsPortsCloudMetadataServer $netpol.egressAllowRules.dnsPortsKubeSystemNamespace) $netpol.egressAllowRules.dnsPortsPrivateIPs }} -- ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - to: - {{- if $netpol.egressAllowRules.dnsPortsCloudMetadataServer }} - # Allow outbound connections to DNS ports on the cloud metadata server - - ipBlock: - cidr: {{ $root.Values.singleuser.cloudMetadata.ip }}/32 - {{- end }} - {{- if $netpol.egressAllowRules.dnsPortsKubeSystemNamespace }} - # Allow outbound connections to DNS ports on pods in the kube-system - # namespace - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: kube-system - {{- end }} - {{- if $netpol.egressAllowRules.dnsPortsPrivateIPs }} - # Allow outbound connections to DNS ports on destinations in the private IP - # ranges - - ipBlock: - cidr: 10.0.0.0/8 - - ipBlock: - cidr: 172.16.0.0/12 - - ipBlock: - cidr: 192.168.0.0/16 - {{- end }} -{{- end }} - -{{- if $netpol.egressAllowRules.nonPrivateIPs }} -# Allow outbound connections to non-private IP ranges -- to: - - ipBlock: - cidr: 0.0.0.0/0 - except: - # As part of this rule: - # - don't allow outbound connections to private IPs - - 10.0.0.0/8 - - 172.16.0.0/12 - - 192.168.0.0/16 - # - don't allow outbound connections to the cloud metadata server - - {{ $root.Values.singleuser.cloudMetadata.ip }}/32 -{{- end }} - -{{- if $netpol.egressAllowRules.privateIPs }} -# Allow outbound connections to private IP ranges -- to: - - ipBlock: - cidr: 10.0.0.0/8 - - ipBlock: - cidr: 172.16.0.0/12 - - ipBlock: - cidr: 192.168.0.0/16 -{{- end }} - -{{- if $netpol.egressAllowRules.cloudMetadataServer }} -# Allow outbound connections to the cloud metadata server -- to: - - ipBlock: - cidr: {{ $root.Values.singleuser.cloudMetadata.ip }}/32 -{{- end }} - -{{- with $netpol.egress }} -# 
Allow outbound connections based on user specified rules -{{ . | toYaml }} -{{- end }} -{{- end }} +{{- define "jupyterhub.networkPolicy.renderEgressRules" -}} +{{- $root := index . 0 }} +{{- $netpol := index . 1 }} +{{- if or (or $netpol.egressAllowRules.dnsPortsCloudMetadataServer $netpol.egressAllowRules.dnsPortsKubeSystemNamespace) $netpol.egressAllowRules.dnsPortsPrivateIPs }} +- ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + to: + {{- if $netpol.egressAllowRules.dnsPortsCloudMetadataServer }} + # Allow outbound connections to DNS ports on the cloud metadata server + - ipBlock: + cidr: {{ $root.Values.singleuser.cloudMetadata.ip }}/32 + {{- end }} + {{- if $netpol.egressAllowRules.dnsPortsKubeSystemNamespace }} + # Allow outbound connections to DNS ports on pods in the kube-system + # namespace + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + {{- end }} + {{- if $netpol.egressAllowRules.dnsPortsPrivateIPs }} + # Allow outbound connections to DNS ports on destinations in the private IP + # ranges + - ipBlock: + cidr: 10.0.0.0/8 + - ipBlock: + cidr: 172.16.0.0/12 + - ipBlock: + cidr: 192.168.0.0/16 + {{- end }} +{{- end }} + +{{- if $netpol.egressAllowRules.nonPrivateIPs }} +# Allow outbound connections to non-private IP ranges +- to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + # As part of this rule: + # - don't allow outbound connections to private IPs + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + # - don't allow outbound connections to the cloud metadata server + - {{ $root.Values.singleuser.cloudMetadata.ip }}/32 +{{- end }} + +{{- if $netpol.egressAllowRules.privateIPs }} +# Allow outbound connections to private IP ranges +- to: + - ipBlock: + cidr: 10.0.0.0/8 + - ipBlock: + cidr: 172.16.0.0/12 + - ipBlock: + cidr: 192.168.0.0/16 +{{- end }} + +{{- if $netpol.egressAllowRules.cloudMetadataServer }} +# Allow outbound connections to the cloud metadata server +- to: + - ipBlock: + cidr: {{ 
$root.Values.singleuser.cloudMetadata.ip }}/32 +{{- end }} + +{{- with $netpol.egress }} +# Allow outbound connections based on user specified rules +{{ . | toYaml }} +{{- end }} +{{- end }} diff --git a/charts/jupyterhub/templates/_helpers.tpl b/charts/jupyterhub/templates/_helpers.tpl index 7dd4027a..f75f3cf8 100644 --- a/charts/jupyterhub/templates/_helpers.tpl +++ b/charts/jupyterhub/templates/_helpers.tpl 
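Review bot: The `except` entry for `{{ $root.Values.singleuser.cloudMetadata.ip }}/32` in the `nonPrivateIPs` rule only keeps pods away from the cloud metadata server while no other rule in this helper matches that address, and nothing in the template says so. NetworkPolicy egress rules are additive, so enabling `dnsPortsCloudMetadataServer` (port 53), `cloudMetadataServer`, or a broad entry under `$netpol.egress` re-allows the destination regardless of the `except` list. I would add a comment above the `except` block such as `# NOTE: rules are additive; cloudMetadataServer, dnsPortsCloudMetadataServer or a user egress rule covering this IP overrides this exclusion`. The same CIDR is also rendered without a presence check in three places; wrapping the value in `required` would turn an unset `singleuser.cloudMetadata.ip` into a render error instead of what is presumably an invalid CIDR in the rendered policy.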
@@ -1,267 +1,267 @@ -{{- define "jupyterhub.appLabel" -}} -{{ .Chart.Name | trunc 63 | trimSuffix "-" }} -{{- end }} - - -{{- define "jupyterhub.componentLabel" -}} -{{- $file := .Template.Name | base | trimSuffix ".yaml" -}} -{{- $parent := .Template.Name | dir | base | trimPrefix "templates" -}} -{{- $component := .componentLabel | default $parent | default $file -}} -{{- $component := print (.componentPrefix | default "") $component (.componentSuffix | default "") -}} -{{ $component }} -{{- end }} - - -{{- define "jupyterhub.commonLabels" -}} -{{- if .legacyLabels -}} -app: {{ .appLabel | default (include "jupyterhub.appLabel" .) | quote }} -release: {{ .Release.Name | quote }} -{{- if not .matchLabels }} -chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -heritage: {{ .Release.Service }} -{{- end }} -{{- end }} -{{- if and .legacyLabels .modernLabels -}} -{{ printf "\n" }} -{{- end }} -{{- if .modernLabels -}} -app.kubernetes.io/name: {{ .appLabel | default (include "jupyterhub.appLabel" .) | quote }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- if not .matchLabels }} -helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} -{{- end }} -{{- end }} - - -{{- /* - jupyterhub.labels: - Provides labels conditionally on .legacyLabels, .modernLabels, and .matchLabels, - that are supposed to in the scoped passed this helper function. - - The legacy labels are: - component - app - release - chart (omitted for matchLabels) - heritage (omitted for matchLabels) - - The equivalent modern labels are: - app.kubernetes.io/component - app.kubernetes.io/name - app.kubernetes.io/instance release - helm.sh/chart (omitted for matchLabels) - app.kubernetes.io/managed-by (omitted for matchLabels) -*/}} -{{- define "jupyterhub.labels" -}} -{{- /* - .legacyLabels defaults to true - .modernLabels defaults to false -*/ -}} -{{- $_ := . 
-}} -{{- if typeIs "" .legacyLabels -}} -{{- $_ = merge (dict "legacyLabels" true) $_ -}} -{{- end -}} -{{- if typeIs "" .modernLabels -}} -{{- $_ = merge (dict "modernLabels" true) $_ -}} -{{- end -}} - -{{- if $_.legacyLabels -}} -component: {{ include "jupyterhub.componentLabel" . }} -{{- end }} - -{{- if and $_.legacyLabels $_.modernLabels -}} -{{ printf "\n" }} -{{- end }} - -{{- if $_.modernLabels -}} -app.kubernetes.io/component: {{ include "jupyterhub.componentLabel" . }} -{{- end }} -{{ include "jupyterhub.commonLabels" $_ }} -{{- end }} - - -{{- /* - jupyterhub.matchLabels: - Provides legacy labels: - component - app - release -*/}} -{{- define "jupyterhub.matchLabels" -}} -{{- $_ := merge (dict "matchLabels" true "legacyLabels" true "modernLabels" false) . -}} -{{ include "jupyterhub.labels" $_ }} -{{- end }} - - -{{- /* - jupyterhub.matchLabelsModern: - Provides modern labels: - app.kubernetes.io/component - app.kubernetes.io/name - app.kubernetes.io/instance -*/}} -{{- define "jupyterhub.matchLabelsModern" -}} -{{- $_ := merge (dict "matchLabels" true "legacyLabels" false "modernLabels" true) . -}} -{{ include "jupyterhub.labels" $_ }} -{{- end }} - - -{{- /* - jupyterhub.matchLabelsLegacyAndModern: - Provides legacy and modern labels: - component - app - release - app.kubernetes.io/component - app.kubernetes.io/name - app.kubernetes.io/instance -*/}} -{{- define "jupyterhub.matchLabelsLegacyAndModern" -}} -{{- $_ := merge (dict "matchLabels" true "legacyLabels" true "modernLabels" true) . -}} -{{ include "jupyterhub.labels" $_ }} -{{- end }} - - -{{- /* - jupyterhub.dockerconfigjson: - Creates a base64 encoded docker registry json blob for use in a image pull - secret, just like the `kubectl create secret docker-registry` command does - for the generated secrets data.dockerconfigjson field. The output is - verified to be exactly the same even if you have a password spanning - multiple lines as you may need to use a private GCR registry. 
- - - https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod -*/}} -{{- define "jupyterhub.dockerconfigjson" -}} -{{ include "jupyterhub.dockerconfigjson.yaml" . | b64enc }} -{{- end }} - -{{- /* - jupyterhub.imagePullSecrets - Augments passed .pullSecrets with $.Values.imagePullSecrets -*/}} - -{{- define "jupyterhub.imagePullSecrets" -}} - {{- $jupyterhub_values := .root.Values }} - - {{- if ne .root.Chart.Name "jupyterhub" }} - {{- if .root.Values.jupyterhub }} - {{- $jupyterhub_values = .root.Values.jupyterhub }} - {{- end }} - {{- end }} - - {{- /* Initialize $_ as an empty dictionary to store values */}} - {{- $_ := dict }} - {{- $_ = set $_ "list" $jupyterhub_values.hub.imagePullSecrets | default list }} - - {{- /* Decide if something should be written */}} - {{- if not (eq ($_.list | toJson) "[]") }} - - {{- /* Process the $_.list where strings become dicts with a name key */}} - {{- $_ = set $_ "res" list }} - {{- range $_.list }} - {{- if eq (typeOf .) "string" }} - {{- $_ = set $_ "res" (append $_.res (dict "name" .)) }} - {{- else }} - {{- $_ = set $_ "res" (append $_.res .) }} - {{- end }} - {{- end }} - - {{- /* Write the results */}} - {{- $_.res | toJson }} - - {{- end }} -{{- end }} - -{{- /* - jupyterhub.singleuser.resources: - The resource request of a singleuser. -*/}} -{{- define "jupyterhub.singleuser.resources" -}} -{{- $r1 := "" -}} -{{- $r2 := "1G" -}} -{{- $r3 := "" -}} -{{- $r := or $r1 $r2 $r3 -}} -{{- $l1 := "" -}} -{{- $l2 := "" -}} -{{- $l3 := "" -}} -{{- $l := or $l1 $l2 $l3 -}} -{{- if $r -}} -requests: - {{- if $r1 }} - cpu: {{ "" }} - {{- end }} - {{- if $r2 }} - memory: {{ "1G" }} - {{- end }} -{{- end }} - -{{- if $l }} -limits: - {{- if $l1 }} - cpu: {{ "" }} - {{- end }} - {{- if $l2 }} - memory: {{ "" }} - {{- end }} -{{- end }} -{{- end }} - -{{- /* - jupyterhub.extraEnv: - Output YAML formatted EnvVar entries for use in a containers env field. 
-*/}} -{{- define "jupyterhub.extraEnv" -}} -{{- include "jupyterhub.extraEnv.withTrailingNewLine" . | trimSuffix "\n" }} -{{- end }} - -{{- define "jupyterhub.extraEnv.withTrailingNewLine" -}} -{{- if . }} -{{- /* If extraEnv is a list, we inject it as it is. */}} -{{- if eq (typeOf .) "[]interface {}" }} -{{- . | toYaml }} - -{{- /* If extraEnv is a map, we differentiate two cases: */}} -{{- else if eq (typeOf .) "map[string]interface {}" }} -{{- range $key, $value := . }} -{{- /* - - If extraEnv.someKey has a map value, then we add the value as a YAML - parsed list element and use the key as the name value unless its - explicitly set. -*/}} -{{- if eq (typeOf $value) "map[string]interface {}" }} -{{- merge (dict) $value (dict "name" $key) | list | toYaml | println }} -{{- /* - - If extraEnv.someKey has a string value, then we use the key as the - environment variable name for the value. -*/}} -{{- else if eq (typeOf $value) "string" -}} -- name: {{ $key | quote }} - value: {{ $value | quote | println }} -{{- else }} -{{- printf "?.extraEnv.%s had an unexpected type (%s)" $key (typeOf $value) | fail }} -{{- end }} -{{- end }} {{- /* end of range */}} -{{- end }} -{{- end }} {{- /* end of: if . */}} -{{- end }} {{- /* end of definition */}} - -{{- /* - jupyterhub.chart-version-to-git-ref: - Renders a valid git reference from a chartpress generated version string. - In practice, either a git tag or a git commit hash will be returned. - - - The version string will follow a chartpress pattern, see - https://github.com/jupyterhub/chartpress#examples-chart-versions-and-image-tags. - - - The regexReplaceAll function is a sprig library function, see - https://masterminds.github.io/sprig/strings.html. - - - The regular expression is in golang syntax, but \d had to become \\d for - example. -*/}} -{{- define "jupyterhub.chart-version-to-git-ref" -}} -{{- regexReplaceAll ".*[.-]n\\d+[.]h(.*)" . 
"${1}" }} -{{- end }} +{{- define "jupyterhub.appLabel" -}} +{{ .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + + +{{- define "jupyterhub.componentLabel" -}} +{{- $file := .Template.Name | base | trimSuffix ".yaml" -}} +{{- $parent := .Template.Name | dir | base | trimPrefix "templates" -}} +{{- $component := .componentLabel | default $parent | default $file -}} +{{- $component := print (.componentPrefix | default "") $component (.componentSuffix | default "") -}} +{{ $component }} +{{- end }} + + +{{- define "jupyterhub.commonLabels" -}} +{{- if .legacyLabels -}} +app: {{ .appLabel | default (include "jupyterhub.appLabel" .) | quote }} +release: {{ .Release.Name | quote }} +{{- if not .matchLabels }} +chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +heritage: {{ .Release.Service }} +{{- end }} +{{- end }} +{{- if and .legacyLabels .modernLabels -}} +{{ printf "\n" }} +{{- end }} +{{- if .modernLabels -}} +app.kubernetes.io/name: {{ .appLabel | default (include "jupyterhub.appLabel" .) | quote }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- if not .matchLabels }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} +{{- end }} + + +{{- /* + jupyterhub.labels: + Provides labels conditionally on .legacyLabels, .modernLabels, and .matchLabels, + that are supposed to in the scoped passed this helper function. + + The legacy labels are: + component + app + release + chart (omitted for matchLabels) + heritage (omitted for matchLabels) + + The equivalent modern labels are: + app.kubernetes.io/component + app.kubernetes.io/name + app.kubernetes.io/instance release + helm.sh/chart (omitted for matchLabels) + app.kubernetes.io/managed-by (omitted for matchLabels) +*/}} +{{- define "jupyterhub.labels" -}} +{{- /* + .legacyLabels defaults to true + .modernLabels defaults to false +*/ -}} +{{- $_ := . 
-}} +{{- if typeIs "" .legacyLabels -}} +{{- $_ = merge (dict "legacyLabels" true) $_ -}} +{{- end -}} +{{- if typeIs "" .modernLabels -}} +{{- $_ = merge (dict "modernLabels" true) $_ -}} +{{- end -}} + +{{- if $_.legacyLabels -}} +component: {{ include "jupyterhub.componentLabel" . }} +{{- end }} + +{{- if and $_.legacyLabels $_.modernLabels -}} +{{ printf "\n" }} +{{- end }} + +{{- if $_.modernLabels -}} +app.kubernetes.io/component: {{ include "jupyterhub.componentLabel" . }} +{{- end }} +{{ include "jupyterhub.commonLabels" $_ }} +{{- end }} + + +{{- /* + jupyterhub.matchLabels: + Provides legacy labels: + component + app + release +*/}} +{{- define "jupyterhub.matchLabels" -}} +{{- $_ := merge (dict "matchLabels" true "legacyLabels" true "modernLabels" false) . -}} +{{ include "jupyterhub.labels" $_ }} +{{- end }} + + +{{- /* + jupyterhub.matchLabelsModern: + Provides modern labels: + app.kubernetes.io/component + app.kubernetes.io/name + app.kubernetes.io/instance +*/}} +{{- define "jupyterhub.matchLabelsModern" -}} +{{- $_ := merge (dict "matchLabels" true "legacyLabels" false "modernLabels" true) . -}} +{{ include "jupyterhub.labels" $_ }} +{{- end }} + + +{{- /* + jupyterhub.matchLabelsLegacyAndModern: + Provides legacy and modern labels: + component + app + release + app.kubernetes.io/component + app.kubernetes.io/name + app.kubernetes.io/instance +*/}} +{{- define "jupyterhub.matchLabelsLegacyAndModern" -}} +{{- $_ := merge (dict "matchLabels" true "legacyLabels" true "modernLabels" true) . -}} +{{ include "jupyterhub.labels" $_ }} +{{- end }} + + +{{- /* + jupyterhub.dockerconfigjson: + Creates a base64 encoded docker registry json blob for use in a image pull + secret, just like the `kubectl create secret docker-registry` command does + for the generated secrets data.dockerconfigjson field. The output is + verified to be exactly the same even if you have a password spanning + multiple lines as you may need to use a private GCR registry. 
+ + - https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod +*/}} +{{- define "jupyterhub.dockerconfigjson" -}} +{{ include "jupyterhub.dockerconfigjson.yaml" . | b64enc }} +{{- end }} + +{{- /* + jupyterhub.imagePullSecrets + Augments passed .pullSecrets with $.Values.imagePullSecrets +*/}} + +{{- define "jupyterhub.imagePullSecrets" -}} + {{- $jupyterhub_values := .root.Values }} + + {{- if ne .root.Chart.Name "jupyterhub" }} + {{- if .root.Values.jupyterhub }} + {{- $jupyterhub_values = .root.Values.jupyterhub }} + {{- end }} + {{- end }} + + {{- /* Initialize $_ as an empty dictionary to store values */}} + {{- $_ := dict }} + {{- $_ = set $_ "list" $jupyterhub_values.hub.imagePullSecrets | default list }} + + {{- /* Decide if something should be written */}} + {{- if not (eq ($_.list | toJson) "[]") }} + + {{- /* Process the $_.list where strings become dicts with a name key */}} + {{- $_ = set $_ "res" list }} + {{- range $_.list }} + {{- if eq (typeOf .) "string" }} + {{- $_ = set $_ "res" (append $_.res (dict "name" .)) }} + {{- else }} + {{- $_ = set $_ "res" (append $_.res .) }} + {{- end }} + {{- end }} + + {{- /* Write the results */}} + {{- $_.res | toJson }} + + {{- end }} +{{- end }} + +{{- /* + jupyterhub.singleuser.resources: + The resource request of a singleuser. +*/}} +{{- define "jupyterhub.singleuser.resources" -}} +{{- $r1 := "" -}} +{{- $r2 := "1G" -}} +{{- $r3 := "" -}} +{{- $r := or $r1 $r2 $r3 -}} +{{- $l1 := "" -}} +{{- $l2 := "" -}} +{{- $l3 := "" -}} +{{- $l := or $l1 $l2 $l3 -}} +{{- if $r -}} +requests: + {{- if $r1 }} + cpu: {{ "" }} + {{- end }} + {{- if $r2 }} + memory: {{ "1G" }} + {{- end }} +{{- end }} + +{{- if $l }} +limits: + {{- if $l1 }} + cpu: {{ "" }} + {{- end }} + {{- if $l2 }} + memory: {{ "" }} + {{- end }} +{{- end }} +{{- end }} + +{{- /* + jupyterhub.extraEnv: + Output YAML formatted EnvVar entries for use in a containers env field. 
+*/}} +{{- define "jupyterhub.extraEnv" -}} +{{- include "jupyterhub.extraEnv.withTrailingNewLine" . | trimSuffix "\n" }} +{{- end }} + +{{- define "jupyterhub.extraEnv.withTrailingNewLine" -}} +{{- if . }} +{{- /* If extraEnv is a list, we inject it as it is. */}} +{{- if eq (typeOf .) "[]interface {}" }} +{{- . | toYaml }} + +{{- /* If extraEnv is a map, we differentiate two cases: */}} +{{- else if eq (typeOf .) "map[string]interface {}" }} +{{- range $key, $value := . }} +{{- /* + - If extraEnv.someKey has a map value, then we add the value as a YAML + parsed list element and use the key as the name value unless its + explicitly set. +*/}} +{{- if eq (typeOf $value) "map[string]interface {}" }} +{{- merge (dict) $value (dict "name" $key) | list | toYaml | println }} +{{- /* + - If extraEnv.someKey has a string value, then we use the key as the + environment variable name for the value. +*/}} +{{- else if eq (typeOf $value) "string" -}} +- name: {{ $key | quote }} + value: {{ $value | quote | println }} +{{- else }} +{{- printf "?.extraEnv.%s had an unexpected type (%s)" $key (typeOf $value) | fail }} +{{- end }} +{{- end }} {{- /* end of range */}} +{{- end }} +{{- end }} {{- /* end of: if . */}} +{{- end }} {{- /* end of definition */}} + +{{- /* + jupyterhub.chart-version-to-git-ref: + Renders a valid git reference from a chartpress generated version string. + In practice, either a git tag or a git commit hash will be returned. + + - The version string will follow a chartpress pattern, see + https://github.com/jupyterhub/chartpress#examples-chart-versions-and-image-tags. + + - The regexReplaceAll function is a sprig library function, see + https://masterminds.github.io/sprig/strings.html. + + - The regular expression is in golang syntax, but \d had to become \\d for + example. +*/}} +{{- define "jupyterhub.chart-version-to-git-ref" -}} +{{- regexReplaceAll ".*[.-]n\\d+[.]h(.*)" . "${1}" }} +{{- end }} 
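Review bot: In `jupyterhub.imagePullSecrets`, the line `{{- $_ = set $_ "list" $jupyterhub_values.hub.imagePullSecrets | default list }}` applies `default list` to the dict returned by `set`, not to the value being stored, because the pipe takes the whole `set` call as its input. With `hub.imagePullSecrets` unset, `$_.list` stays nil, `toJson` yields `null` rather than `[]`, and the emptiness guard below does not short-circuit, so the helper appears to emit `[]` instead of nothing. Parenthesising the default restores the intended behaviour: `{{- $_ = set $_ "list" ($jupyterhub_values.hub.imagePullSecrets | default list) }}`. The doc comment above the helper still describes augmenting `.pullSecrets` with `$.Values.imagePullSecrets`, which the body does not do, and should be updated to name `hub.imagePullSecrets`.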
diff --git a/charts/jupyterhub/templates/hub/_helpers-passwords.tpl b/charts/jupyterhub/templates/hub/_helpers-passwords.tpl index eca07187..ab58b041 100644 --- a/charts/jupyterhub/templates/hub/_helpers-passwords.tpl +++ b/charts/jupyterhub/templates/hub/_helpers-passwords.tpl 
@@ -1,75 +1,75 @@ -{{- /* - Returns given number of random Hex characters. - - - randNumeric 4 | atoi generates a random number in [0, 10^4) - This is a range range evenly divisble by 16, but even if off by one, - that last partial interval offsetting randomness is only 1 part in 625. - - mod N 16 maps to the range 0-15 - - printf "%x" represents a single number 0-15 as a single hex character -*/}} -{{- define "jupyterhub.randHex" -}} - {{- $result := "" }} - {{- range $i := until . }} - {{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }} - {{- $result = print $result $rand_hex_char }} - {{- end }} - {{- $result }} -{{- end }} - -{{- define "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" -}} - {{- if (.Values.hub.config | dig "ConfigurableHTTPProxy" "auth_token" "") }} - {{- .Values.hub.config.ConfigurableHTTPProxy.auth_token }} - {{- else }} - {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }} - {{- if hasKey $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" }} - {{- index $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" | b64dec }} - {{- else }} - {{- randAlphaNum 64 }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "jupyterhub.hub.config.JupyterHub.cookie_secret" -}} - {{- if (.Values.hub.config | dig "JupyterHub" "cookie_secret" "") }} - {{- .Values.hub.config.JupyterHub.cookie_secret }} - {{- else if .Values.hub.cookieSecret }} - {{- .Values.hub.cookieSecret }} - {{- else }} - {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) 
| default (dict "data" (dict)) }} - {{- if hasKey $k8s_state.data "hub.config.JupyterHub.cookie_secret" }} - {{- index $k8s_state.data "hub.config.JupyterHub.cookie_secret" | b64dec }} - {{- else }} - {{- include "jupyterhub.randHex" 64 }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "jupyterhub.hub.config.CryptKeeper.keys" -}} - {{- if (.Values.hub.config | dig "CryptKeeper" "keys" "") }} - {{- .Values.hub.config.CryptKeeper.keys | join ";" }} - {{- else }} - {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }} - {{- if hasKey $k8s_state.data "hub.config.CryptKeeper.keys" }} - {{- index $k8s_state.data "hub.config.CryptKeeper.keys" | b64dec }} - {{- else }} - {{- include "jupyterhub.randHex" 64 }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "jupyterhub.hub.services.get_api_token" -}} - {{- $_ := index . 0 }} - {{- $service_key := index . 1 }} - {{- $explicitly_set_api_token := or ($_.Values.hub.services | dig $service_key "api_token" "") ($_.Values.hub.services | dig $service_key "apiToken" "") }} - {{- if $explicitly_set_api_token }} - {{- $explicitly_set_api_token }} - {{- else }} - {{- $k8s_state := lookup "v1" "Secret" $_.Release.Namespace (include "jupyterhub.hub.fullname" $_) | default (dict "data" (dict)) }} - {{- $k8s_secret_key := print "hub.services." $service_key ".apiToken" }} - {{- if hasKey $k8s_state.data $k8s_secret_key }} - {{- index $k8s_state.data $k8s_secret_key | b64dec }} - {{- else }} - {{- include "jupyterhub.randHex" 64 }} - {{- end }} - {{- end }} -{{- end }} +{{- /* + Returns given number of random Hex characters. + + - randNumeric 4 | atoi generates a random number in [0, 10^4) + This is a range range evenly divisble by 16, but even if off by one, + that last partial interval offsetting randomness is only 1 part in 625. 
+ - mod N 16 maps to the range 0-15 + - printf "%x" represents a single number 0-15 as a single hex character +*/}} +{{- define "jupyterhub.randHex" -}} + {{- $result := "" }} + {{- range $i := until . }} + {{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }} + {{- $result = print $result $rand_hex_char }} + {{- end }} + {{- $result }} +{{- end }} + +{{- define "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" -}} + {{- if (.Values.hub.config | dig "ConfigurableHTTPProxy" "auth_token" "") }} + {{- .Values.hub.config.ConfigurableHTTPProxy.auth_token }} + {{- else }} + {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }} + {{- if hasKey $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" }} + {{- index $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" | b64dec }} + {{- else }} + {{- randAlphaNum 64 }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "jupyterhub.hub.config.JupyterHub.cookie_secret" -}} + {{- if (.Values.hub.config | dig "JupyterHub" "cookie_secret" "") }} + {{- .Values.hub.config.JupyterHub.cookie_secret }} + {{- else if .Values.hub.cookieSecret }} + {{- .Values.hub.cookieSecret }} + {{- else }} + {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }} + {{- if hasKey $k8s_state.data "hub.config.JupyterHub.cookie_secret" }} + {{- index $k8s_state.data "hub.config.JupyterHub.cookie_secret" | b64dec }} + {{- else }} + {{- include "jupyterhub.randHex" 64 }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "jupyterhub.hub.config.CryptKeeper.keys" -}} + {{- if (.Values.hub.config | dig "CryptKeeper" "keys" "") }} + {{- .Values.hub.config.CryptKeeper.keys | join ";" }} + {{- else }} + {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) 
| default (dict "data" (dict)) }} + {{- if hasKey $k8s_state.data "hub.config.CryptKeeper.keys" }} + {{- index $k8s_state.data "hub.config.CryptKeeper.keys" | b64dec }} + {{- else }} + {{- include "jupyterhub.randHex" 64 }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "jupyterhub.hub.services.get_api_token" -}} + {{- $_ := index . 0 }} + {{- $service_key := index . 1 }} + {{- $explicitly_set_api_token := or ($_.Values.hub.services | dig $service_key "api_token" "") ($_.Values.hub.services | dig $service_key "apiToken" "") }} + {{- if $explicitly_set_api_token }} + {{- $explicitly_set_api_token }} + {{- else }} + {{- $k8s_state := lookup "v1" "Secret" $_.Release.Namespace (include "jupyterhub.hub.fullname" $_) | default (dict "data" (dict)) }} + {{- $k8s_secret_key := print "hub.services." $service_key ".apiToken" }} + {{- if hasKey $k8s_state.data $k8s_secret_key }} + {{- index $k8s_state.data $k8s_secret_key | b64dec }} + {{- else }} + {{- include "jupyterhub.randHex" 64 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/jupyterhub/templates/hub/configmap.yaml b/charts/jupyterhub/templates/hub/configmap.yaml index 37e853b8..dc2aa5ac 100644 --- a/charts/jupyterhub/templates/hub/configmap.yaml +++ b/charts/jupyterhub/templates/hub/configmap.yaml 
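Review bot: All four secret helpers in this file read prior state with `lookup "v1" "Secret" <namespace> (include "jupyterhub.hub.fullname" ...)`, but the hub Deployment elsewhere in this commit mounts `secretName: jupyterhub-secrets`, so the lookup may be querying a Secret name the chart never creates (hub/secret.yaml is not visible here, so this is inferred). If the names do differ, `hasKey` is always false and every `helm upgrade` falls through to `randAlphaNum 64` or `jupyterhub.randHex 64`, rotating the proxy auth token, cookie secret, CryptKeeper key and service API tokens and invalidating existing sessions. The lookup should use the same name the Secret manifest uses, ideally through one shared named template rather than a literal in each place. Separately, `lookup` returns an empty result under `helm template` and client-side dry runs, so render-only pipelines regenerate these values on every run; a comment on the helpers recommending explicitly set `hub.config.*` values for such setups would make that visible to operators.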
@@ -1,30 +1,30 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: jupyterhub-configs - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -data: - {{- /* - Resource names exposed to reliably reference them. - - user-scheduler: "my-helm-release-user-scheduler" - ... - */}} - {{- include "jupyterhub.name-templates" . | nindent 2 }} - - {{- /* - Glob files to allow them to be mounted by the hub pod - - jupyterhub_config: | - multi line string content... - z2jh.py: | - multi line string content... - */}} - {{- (.Files.Glob "files/hub/*").AsConfig | nindent 2 }} - - {{- /* - Store away a checksum of the hook-image-puller daemonset so future upgrades - can compare and decide if it should run or not using the `lookup` function. - */}} - checksum_hook-image-puller: {{ include "jupyterhub.imagePuller.daemonset.hook.checksum" . | quote }} +kind: ConfigMap +apiVersion: v1 +metadata: + name: jupyterhub-configs + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +data: + {{- /* + Resource names exposed to reliably reference them. + + user-scheduler: "my-helm-release-user-scheduler" + ... + */}} + {{- include "jupyterhub.name-templates" . | nindent 2 }} + + {{- /* + Glob files to allow them to be mounted by the hub pod + + jupyterhub_config: | + multi line string content... + z2jh.py: | + multi line string content... + */}} + {{- (.Files.Glob "files/hub/*").AsConfig | nindent 2 }} + + {{- /* + Store away a checksum of the hook-image-puller daemonset so future upgrades + can compare and decide if it should run or not using the `lookup` function. + */}} + checksum_hook-image-puller: {{ include "jupyterhub.imagePuller.daemonset.hook.checksum" . | quote }} diff --git a/charts/jupyterhub/templates/hub/deployment.yaml b/charts/jupyterhub/templates/hub/deployment.yaml index 11a740e8..8a2011b8 100644 --- a/charts/jupyterhub/templates/hub/deployment.yaml +++ b/charts/jupyterhub/templates/hub/deployment.yaml 
@@ -1,106 +1,106 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "jupyterhub.hub.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - strategy: - type: Recreate - template: - metadata: - labels: - {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} - hub.jupyter.org/network-access-proxy-api: "true" - hub.jupyter.org/network-access-proxy-http: "true" - hub.jupyter.org/network-access-singleuser: "true" - annotations: - checksum/config-map: {{ include (print .Template.BasePath "/hub/configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print .Template.BasePath "/hub/secret.yaml") . | sha256sum }} - spec: - {{- include "jupyterhub.coreAffinity" . | nindent 6 }} - volumes: - - name: config - configMap: - name: jupyterhub-configs - - name: secret - secret: - secretName: jupyterhub-secrets - - name: pvc - persistentVolumeClaim: - claimName: {{ include "jupyterhub.hub-pvc.fullname" . }} - {{- with include "jupyterhub.hub-serviceaccount.fullname" . }} - serviceAccountName: {{ . }} - {{- end }} - securityContext: - runAsNonRoot: true - fsGroup: 1000 - seccompProfile: - type: "RuntimeDefault" - {{- with include "jupyterhub.imagePullSecrets" (dict "root" . "image" .Values.hub.image) }} - imagePullSecrets: {{ . 
}} - {{- end }} - containers: - - name: hub - image: quay.io/jupyterhub/k8s-hub:4.1.1-0.dev.git.6957.h29729451 - args: - - jupyterhub - - --config - - /usr/local/etc/jupyterhub/jupyterhub_config.py - - --upgrade-db - volumeMounts: - - mountPath: /usr/local/etc/jupyterhub/jupyterhub_config.py - subPath: jupyterhub_config.py - name: config - - mountPath: /usr/local/etc/jupyterhub/z2jh.py - subPath: z2jh.py - name: config - - mountPath: /usr/local/etc/jupyterhub/config/ - name: config - - mountPath: /usr/local/etc/jupyterhub/secret/ - name: secret - - mountPath: /srv/jupyterhub - name: pvc - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - env: - - name: PYTHONUNBUFFERED - value: "1" - - name: HELM_RELEASE_NAME - value: {{ .Release.Name | quote }} - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIGPROXY_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: jupyterhub-secrets - key: hub.config.ConfigurableHTTPProxy.auth_token - ports: - - name: http - containerPort: 8081 - livenessProbe: - initialDelaySeconds: 300 - periodSeconds: 10 - timeoutSeconds: 30 - failureThreshold: 3 - httpGet: - path: /hub/health - port: http - readinessProbe: - initialDelaySeconds: 0 - periodSeconds: 2 - timeoutSeconds: 1000 - failureThreshold: 1 - httpGet: - path: /hub/health - port: http +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "jupyterhub.hub.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "jupyterhub.matchLabelsLegacyAndModern" . 
| nindent 8 }} + hub.jupyter.org/network-access-proxy-api: "true" + hub.jupyter.org/network-access-proxy-http: "true" + hub.jupyter.org/network-access-singleuser: "true" + annotations: + checksum/config-map: {{ include (print .Template.BasePath "/hub/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print .Template.BasePath "/hub/secret.yaml") . | sha256sum }} + spec: + {{- include "jupyterhub.coreAffinity" . | nindent 6 }} + volumes: + - name: config + configMap: + name: jupyterhub-configs + - name: secret + secret: + secretName: jupyterhub-secrets + - name: pvc + persistentVolumeClaim: + claimName: {{ include "jupyterhub.hub-pvc.fullname" . }} + {{- with include "jupyterhub.hub-serviceaccount.fullname" . }} + serviceAccountName: {{ . }} + {{- end }} + securityContext: + runAsNonRoot: true + fsGroup: 1000 + seccompProfile: + type: "RuntimeDefault" + {{- with include "jupyterhub.imagePullSecrets" (dict "root" . "image" .Values.hub.image) }} + imagePullSecrets: {{ . }} + {{- end }} + containers: + - name: hub + image: quay.io/jupyterhub/k8s-hub:4.1.1-0.dev.git.6957.h29729451 + args: + - jupyterhub + - --config + - /usr/local/etc/jupyterhub/jupyterhub_config.py + - --upgrade-db + volumeMounts: + - mountPath: /usr/local/etc/jupyterhub/jupyterhub_config.py + subPath: jupyterhub_config.py + name: config + - mountPath: /usr/local/etc/jupyterhub/z2jh.py + subPath: z2jh.py + name: config + - mountPath: /usr/local/etc/jupyterhub/config/ + name: config + - mountPath: /usr/local/etc/jupyterhub/secret/ + name: secret + - mountPath: /srv/jupyterhub + name: pvc + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + env: + - name: PYTHONUNBUFFERED + value: "1" + - name: HELM_RELEASE_NAME + value: {{ .Release.Name | quote }} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIGPROXY_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: jupyterhub-secrets + key: 
hub.config.ConfigurableHTTPProxy.auth_token + ports: + - name: http + containerPort: 8081 + livenessProbe: + initialDelaySeconds: 300 + periodSeconds: 10 + timeoutSeconds: 30 + failureThreshold: 3 + httpGet: + path: /hub/health + port: http + readinessProbe: + initialDelaySeconds: 0 + periodSeconds: 2 + timeoutSeconds: 1000 + failureThreshold: 1 + httpGet: + path: /hub/health + port: http diff --git a/charts/jupyterhub/templates/hub/netpol.yaml b/charts/jupyterhub/templates/hub/netpol.yaml index 188e48b2..f85d24f0 100644 --- a/charts/jupyterhub/templates/hub/netpol.yaml +++ b/charts/jupyterhub/templates/hub/netpol.yaml 
@@ -1,36 +1,36 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "jupyterhub.hub.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - policyTypes: - - Ingress - - Egress - ingress: - - ports: - - port: http - from: - - podSelector: - matchLabels: - hub.jupyter.org/network-access-hub: "true" - egress: - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "proxy") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8001 - - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "singleuser-server") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8888 +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "jupyterhub.hub.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + policyTypes: + - Ingress + - Egress + ingress: + - ports: + - port: http + from: + - podSelector: + matchLabels: + hub.jupyter.org/network-access-hub: "true" + egress: + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "proxy") . }} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8001 + + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "singleuser-server") . }} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8888 diff --git a/charts/jupyterhub/templates/hub/pvc.yaml b/charts/jupyterhub/templates/hub/pvc.yaml index 632aac10..24cb05f8 100644 --- a/charts/jupyterhub/templates/hub/pvc.yaml +++ b/charts/jupyterhub/templates/hub/pvc.yaml 
@@ -1,12 +1,12 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "jupyterhub.hub-pvc.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "jupyterhub.hub-pvc.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/charts/jupyterhub/templates/hub/rbac.yaml b/charts/jupyterhub/templates/hub/rbac.yaml
index 6a796592..1856a60b 100644
--- a/charts/jupyterhub/templates/hub/rbac.yaml
+++ b/charts/jupyterhub/templates/hub/rbac.yaml
@@ -1,28 +1,28 @@
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "jupyterhub.hub.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-rules:
- - apiGroups: [""]
- resources: ["pods", "persistentvolumeclaims", "secrets", "services"]
- verbs: ["get", "watch", "list", "create", "delete"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["get", "watch", "list"]
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "jupyterhub.hub.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: {{ include "jupyterhub.hub-serviceaccount.fullname" . }}
- namespace: "{{ .Release.Namespace }}"
-roleRef:
- kind: Role
- name: {{ include "jupyterhub.hub.fullname" . }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "jupyterhub.hub.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "persistentvolumeclaims", "secrets", "services"]
+ verbs: ["get", "watch", "list", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "watch", "list"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "jupyterhub.hub.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "jupyterhub.hub-serviceaccount.fullname" . }}
+ namespace: "{{ .Release.Namespace }}"
+roleRef:
+ kind: Role
+ name: {{ include "jupyterhub.hub.fullname" . }}
 apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/jupyterhub/templates/hub/secret.yaml b/charts/jupyterhub/templates/hub/secret.yaml
index 5e9852cb..ce3b8b5a 100644
--- a/charts/jupyterhub/templates/hub/secret.yaml
+++ b/charts/jupyterhub/templates/hub/secret.yaml
@@ -1,16 +1,16 @@ -kind: Secret -apiVersion: v1 -metadata: - name: "jupyterhub-secrets" - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -type: Opaque -data: - {{- $values := merge dict .Values }} - {{- /* also passthrough subset of Chart / Release */}} - {{- $_ := set $values "Chart" (dict "Name" .Chart.Name "Version" .Chart.Version "AppVersion" .Chart.AppVersion) }} - {{- $_ := set $values "Release" (pick .Release "Name" "Namespace" "Service") }} - values.yaml: {{ $values | toYaml | b64enc | quote }} - hub.config.ConfigurableHTTPProxy.auth_token: {{ include "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" . | required "This should not happen: blank output from 'jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token' template" | b64enc | quote }} - hub.config.JupyterHub.cookie_secret: {{ include "jupyterhub.hub.config.JupyterHub.cookie_secret" . | required "This should not happen: blank output from 'jupyterhub.hub.config.JupyterHub.cookie_secret' template" | b64enc | quote }} +kind: Secret +apiVersion: v1 +metadata: + name: "jupyterhub-secrets" + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +type: Opaque +data: + {{- $values := merge dict .Values }} + {{- /* also passthrough subset of Chart / Release */}} + {{- $_ := set $values "Chart" (dict "Name" .Chart.Name "Version" .Chart.Version "AppVersion" .Chart.AppVersion) }} + {{- $_ := set $values "Release" (pick .Release "Name" "Namespace" "Service") }} + values.yaml: {{ $values | toYaml | b64enc | quote }} + hub.config.ConfigurableHTTPProxy.auth_token: {{ include "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" . | required "This should not happen: blank output from 'jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token' template" | b64enc | quote }} + hub.config.JupyterHub.cookie_secret: {{ include "jupyterhub.hub.config.JupyterHub.cookie_secret" . 
| required "This should not happen: blank output from 'jupyterhub.hub.config.JupyterHub.cookie_secret' template" | b64enc | quote }} hub.config.CryptKeeper.keys: {{ include "jupyterhub.hub.config.CryptKeeper.keys" . | required "This should not happen: blank output from 'jupyterhub.hub.config.CryptKeeper.keys' template" | b64enc | quote }} \ No newline at end of file diff --git a/charts/jupyterhub/templates/hub/service.yaml b/charts/jupyterhub/templates/hub/service.yaml index 156aa72f..f47683f6 100644 --- a/charts/jupyterhub/templates/hub/service.yaml +++ b/charts/jupyterhub/templates/hub/service.yaml @@ -1,18 +1,18 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "jupyterhub.hub.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: {{ .Values.hub.baseUrl | trimSuffix "/" }}/hub/metrics - prometheus.io/port: "8081" -spec: - type: ClusterIP - selector: - {{- include "jupyterhub.matchLabels" . | nindent 4 }} - ports: - - name: hub - port: 8081 - targetPort: http +apiVersion: v1 +kind: Service +metadata: + name: {{ include "jupyterhub.hub.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: {{ .Values.hub.baseUrl | trimSuffix "/" }}/hub/metrics + prometheus.io/port: "8081" +spec: + type: ClusterIP + selector: + {{- include "jupyterhub.matchLabels" . | nindent 4 }} + ports: + - name: hub + port: 8081 + targetPort: http diff --git a/charts/jupyterhub/templates/hub/serviceaccount.yaml b/charts/jupyterhub/templates/hub/serviceaccount.yaml index bd029723..5561bdf1 100644 --- a/charts/jupyterhub/templates/hub/serviceaccount.yaml +++ b/charts/jupyterhub/templates/hub/serviceaccount.yaml 
@@ -1,6 +1,6 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "jupyterhub.hub-serviceaccount.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jupyterhub.hub-serviceaccount.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
diff --git a/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl b/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl
index 9da8c426..09f01214 100644
--- a/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl
+++ b/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl
@@ -1,231 +1,231 @@ -{{- /* -Returns an image-puller daemonset. Two daemonsets will be created like this. -- hook-image-puller: for pre helm upgrade image pulling (lives temporarily) -- continuous-image-puller: for newly added nodes image pulling -*/}} -{{- define "jupyterhub.imagePuller.daemonset" -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - {{- if .hook }} - name: {{ include "jupyterhub.hook-image-puller.fullname" . }} - {{- else }} - name: {{ include "jupyterhub.continuous-image-puller.fullname" . }} - {{- end }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} - {{- if .hook }} - hub.jupyter.org/deletable: "true" - {{- end }} - {{- if .hook }} - annotations: - {{- /* - Allows the daemonset to be deleted when the image-awaiter job is completed. - */}} - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-10" - {{- end }} -spec: - selector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100% - {{- if not (typeIs "" .Values.prePuller.revisionHistoryLimit) }} - revisionHistoryLimit: {{ .Values.prePuller.revisionHistoryLimit }} - {{- end }} - template: - metadata: - labels: - {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} - {{- with .Values.prePuller.annotations }} - annotations: - {{- . | toYaml | nindent 8 }} - {{- end }} - spec: - {{- /* - image-puller pods are made evictable to save on the k8s pods - per node limit all k8s clusters have and have a higher priority - than user-placeholder pods that could block an entire node. - */}} - {{- if include "jupyterhub.userNodeAffinityRequired" . }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - {{- include "jupyterhub.userNodeAffinityRequired" . 
| nindent 14 }} - {{- end }} - terminationGracePeriodSeconds: 0 - {{- if .hook }} - {{- with include "jupyterhub.hook-image-puller-serviceaccount.fullname" . }} - serviceAccountName: {{ . }} - {{- end }} - {{- else }} - {{- with include "jupyterhub.continuous-image-puller-serviceaccount.fullname" . }} - serviceAccountName: {{ . }} - {{- end }} - {{- end }} - automountServiceAccountToken: false - initContainers: - {{- /* --- Conditionally pull an image all user pods will use in an initContainer --- */}} - {{- $blockWithIptables := hasKey .Values.singleuser.cloudMetadata "enabled" | ternary (not .Values.singleuser.cloudMetadata.enabled) .Values.singleuser.cloudMetadata.blockWithIptables }} - {{- if $blockWithIptables }} - - name: image-pull-metadata-block - image: quay.io/jupyterhub/k8s-network-tools:4.1.1-0.dev.git.6949.h138f95a8 - command: - - /bin/sh - - -c - - echo "Pulling complete" - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - {{- end }} - - {{- /* --- Pull default image --- */}} - - name: image-pull-singleuser - image: {{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - - - {{- /* --- Conditionally pull profileList images --- */}} - {{- range $k, $container := .Values.singleuser.profileList }} - {{- /* profile's kubespawner_override */}} - {{- if $container.kubespawner_override }} - {{- if $container.kubespawner_override.image }} - - name: image-pull-singleuser-profilelist-{{ $k }} - image: {{ $container.kubespawner_override.image }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - securityContext: - runAsNonRoot: true - runAsUser: 65534 - 
runAsGroup: 65534 - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - {{- end }} - {{- /* kubespawner_override in profile's profile_options */}} - {{- if $container.profile_options }} - {{- range $option, $option_spec := $container.profile_options }} - {{- if $option_spec.choices }} - {{- range $choice, $choice_spec := $option_spec.choices }} - {{- if $choice_spec.kubespawner_override }} - {{- if $choice_spec.kubespawner_override.image }} - - name: image-pull-profile-{{ $k }}-option-{{ $option }}-{{ $choice }} - image: {{ $choice_spec.kubespawner_override.image }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - - containers: - - name: pause - image: registry.k8s.io/pause:3.10 - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -{{- end }} - - -{{- /* - Returns a rendered k8s DaemonSet resource: continuous-image-puller -*/}} -{{- define "jupyterhub.imagePuller.daemonset.continuous" -}} - {{- $_ := merge (dict "hook" false "componentPrefix" "continuous-") . }} - {{- include "jupyterhub.imagePuller.daemonset" $_ }} -{{- end }} - - -{{- /* - Returns a rendered k8s DaemonSet resource: hook-image-puller -*/}} -{{- define "jupyterhub.imagePuller.daemonset.hook" -}} - {{- $_ := merge (dict "hook" true "componentPrefix" "hook-") . 
}} - {{- include "jupyterhub.imagePuller.daemonset" $_ }} -{{- end }} - - -{{- /* - Returns a checksum of the rendered k8s DaemonSet resource: hook-image-puller - - This checksum is used when prePuller.hook.pullOnlyOnChanges=true to decide if - it is worth creating the hook-image-puller associated resources. -*/}} -{{- define "jupyterhub.imagePuller.daemonset.hook.checksum" -}} - {{- /* - We pin componentLabel and Chart.Version as doing so can pin labels - of no importance if they would change. Chart.Name is also pinned as - a harmless technical workaround when we compute the checksum. - */}} - {{- $_ := merge (dict "componentLabel" "pinned" "Chart" (dict "Name" "jupyterhub" "Version" "pinned")) . -}} - {{- $yaml := include "jupyterhub.imagePuller.daemonset.hook" $_ }} - {{- $yaml | sha256sum }} -{{- end }} - - -{{- define "jupyterhub.imagePuller.daemonset.hook.install" -}} - {{- if .Values.prePuller.hook.enabled }} - {{- if .Values.prePuller.hook.pullOnlyOnChanges }} - {{- $new_checksum := include "jupyterhub.imagePuller.daemonset.hook.checksum" . }} - {{- $k8s_state := lookup "v1" "ConfigMap" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }} - {{- $old_checksum := index $k8s_state.data "checksum_hook-image-puller" | default "" }} - {{- if ne $new_checksum $old_checksum -}} -# prePuller.hook.enabled={{ .Values.prePuller.hook.enabled }} -# prePuller.hook.pullOnlyOnChanges={{ .Values.prePuller.hook.pullOnlyOnChanges }} -# post-upgrade checksum != pre-upgrade checksum (of the hook-image-puller DaemonSet) -# "{{ $new_checksum }}" != "{{ $old_checksum}}" - {{- end }} - {{- else -}} -# prePuller.hook.enabled={{ .Values.prePuller.hook.enabled }} -# prePuller.hook.pullOnlyOnChanges={{ .Values.prePuller.hook.pullOnlyOnChanges }} - {{- end }} - {{- end }} -{{- end }} +{{- /* +Returns an image-puller daemonset. Two daemonsets will be created like this. 
+- hook-image-puller: for pre helm upgrade image pulling (lives temporarily) +- continuous-image-puller: for newly added nodes image pulling +*/}} +{{- define "jupyterhub.imagePuller.daemonset" -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + {{- if .hook }} + name: {{ include "jupyterhub.hook-image-puller.fullname" . }} + {{- else }} + name: {{ include "jupyterhub.continuous-image-puller.fullname" . }} + {{- end }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} + {{- if .hook }} + hub.jupyter.org/deletable: "true" + {{- end }} + {{- if .hook }} + annotations: + {{- /* + Allows the daemonset to be deleted when the image-awaiter job is completed. + */}} + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-10" + {{- end }} +spec: + selector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 100% + {{- if not (typeIs "" .Values.prePuller.revisionHistoryLimit) }} + revisionHistoryLimit: {{ .Values.prePuller.revisionHistoryLimit }} + {{- end }} + template: + metadata: + labels: + {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} + {{- with .Values.prePuller.annotations }} + annotations: + {{- . | toYaml | nindent 8 }} + {{- end }} + spec: + {{- /* + image-puller pods are made evictable to save on the k8s pods + per node limit all k8s clusters have and have a higher priority + than user-placeholder pods that could block an entire node. + */}} + {{- if include "jupyterhub.userNodeAffinityRequired" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + {{- include "jupyterhub.userNodeAffinityRequired" . | nindent 14 }} + {{- end }} + terminationGracePeriodSeconds: 0 + {{- if .hook }} + {{- with include "jupyterhub.hook-image-puller-serviceaccount.fullname" . }} + serviceAccountName: {{ . 
}} + {{- end }} + {{- else }} + {{- with include "jupyterhub.continuous-image-puller-serviceaccount.fullname" . }} + serviceAccountName: {{ . }} + {{- end }} + {{- end }} + automountServiceAccountToken: false + initContainers: + {{- /* --- Conditionally pull an image all user pods will use in an initContainer --- */}} + {{- $blockWithIptables := hasKey .Values.singleuser.cloudMetadata "enabled" | ternary (not .Values.singleuser.cloudMetadata.enabled) .Values.singleuser.cloudMetadata.blockWithIptables }} + {{- if $blockWithIptables }} + - name: image-pull-metadata-block + image: quay.io/jupyterhub/k8s-network-tools:4.1.1-0.dev.git.6949.h138f95a8 + command: + - /bin/sh + - -c + - echo "Pulling complete" + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + {{- end }} + + {{- /* --- Pull default image --- */}} + - name: image-pull-singleuser + image: {{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }} + command: + - /bin/sh + - -c + - echo "Pulling complete" + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + + + {{- /* --- Conditionally pull profileList images --- */}} + {{- range $k, $container := .Values.singleuser.profileList }} + {{- /* profile's kubespawner_override */}} + {{- if $container.kubespawner_override }} + {{- if $container.kubespawner_override.image }} + - name: image-pull-singleuser-profilelist-{{ $k }} + image: {{ $container.kubespawner_override.image }} + command: + - /bin/sh + - -c + - echo "Pulling complete" + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + {{- end }} + {{- /* kubespawner_override in profile's 
profile_options */}} + {{- if $container.profile_options }} + {{- range $option, $option_spec := $container.profile_options }} + {{- if $option_spec.choices }} + {{- range $choice, $choice_spec := $option_spec.choices }} + {{- if $choice_spec.kubespawner_override }} + {{- if $choice_spec.kubespawner_override.image }} + - name: image-pull-profile-{{ $k }}-option-{{ $option }}-{{ $choice }} + image: {{ $choice_spec.kubespawner_override.image }} + command: + - /bin/sh + - -c + - echo "Pulling complete" + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + + containers: + - name: pause + image: registry.k8s.io/pause:3.10 + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody user + runAsGroup: 65534 # nobody group + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +{{- end }} + + +{{- /* + Returns a rendered k8s DaemonSet resource: continuous-image-puller +*/}} +{{- define "jupyterhub.imagePuller.daemonset.continuous" -}} + {{- $_ := merge (dict "hook" false "componentPrefix" "continuous-") . }} + {{- include "jupyterhub.imagePuller.daemonset" $_ }} +{{- end }} + + +{{- /* + Returns a rendered k8s DaemonSet resource: hook-image-puller +*/}} +{{- define "jupyterhub.imagePuller.daemonset.hook" -}} + {{- $_ := merge (dict "hook" true "componentPrefix" "hook-") . }} + {{- include "jupyterhub.imagePuller.daemonset" $_ }} +{{- end }} + + +{{- /* + Returns a checksum of the rendered k8s DaemonSet resource: hook-image-puller + + This checksum is used when prePuller.hook.pullOnlyOnChanges=true to decide if + it is worth creating the hook-image-puller associated resources. 
+*/}} +{{- define "jupyterhub.imagePuller.daemonset.hook.checksum" -}} + {{- /* + We pin componentLabel and Chart.Version as doing so can pin labels + of no importance if they would change. Chart.Name is also pinned as + a harmless technical workaround when we compute the checksum. + */}} + {{- $_ := merge (dict "componentLabel" "pinned" "Chart" (dict "Name" "jupyterhub" "Version" "pinned")) . -}} + {{- $yaml := include "jupyterhub.imagePuller.daemonset.hook" $_ }} + {{- $yaml | sha256sum }} +{{- end }} + + +{{- define "jupyterhub.imagePuller.daemonset.hook.install" -}} + {{- if .Values.prePuller.hook.enabled }} + {{- if .Values.prePuller.hook.pullOnlyOnChanges }} + {{- $new_checksum := include "jupyterhub.imagePuller.daemonset.hook.checksum" . }} + {{- $k8s_state := lookup "v1" "ConfigMap" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }} + {{- $old_checksum := index $k8s_state.data "checksum_hook-image-puller" | default "" }} + {{- if ne $new_checksum $old_checksum -}} +# prePuller.hook.enabled={{ .Values.prePuller.hook.enabled }} +# prePuller.hook.pullOnlyOnChanges={{ .Values.prePuller.hook.pullOnlyOnChanges }} +# post-upgrade checksum != pre-upgrade checksum (of the hook-image-puller DaemonSet) +# "{{ $new_checksum }}" != "{{ $old_checksum}}" + {{- end }} + {{- else -}} +# prePuller.hook.enabled={{ .Values.prePuller.hook.enabled }} +# prePuller.hook.pullOnlyOnChanges={{ .Values.prePuller.hook.pullOnlyOnChanges }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/jupyterhub/templates/image-puller/daemonset-continuous.yaml b/charts/jupyterhub/templates/image-puller/daemonset-continuous.yaml index 85a572fd..a17e7b14 100644 --- a/charts/jupyterhub/templates/image-puller/daemonset-continuous.yaml +++ b/charts/jupyterhub/templates/image-puller/daemonset-continuous.yaml 
@@ -1,8 +1,8 @@
-{{- /*
-The continuous-image-puller daemonset task is to pull required images to nodes
-that are added in between helm upgrades, for example by manually adding a node
-or by the cluster autoscaler.
-*/}}
-{{- if .Values.prePuller.continuous.enabled }}
-{{- include "jupyterhub.imagePuller.daemonset.continuous" . }}
-{{- end }}
+{{- /*
+The continuous-image-puller daemonset task is to pull required images to nodes
+that are added in between helm upgrades, for example by manually adding a node
+or by the cluster autoscaler.
+*/}}
+{{- if .Values.prePuller.continuous.enabled }}
+{{- include "jupyterhub.imagePuller.daemonset.continuous" . }}
+{{- end }}
diff --git a/charts/jupyterhub/templates/image-puller/daemonset-hook.yaml b/charts/jupyterhub/templates/image-puller/daemonset-hook.yaml
index 7e9c2d0f..ed81e7d0 100644
--- a/charts/jupyterhub/templates/image-puller/daemonset-hook.yaml
+++ b/charts/jupyterhub/templates/image-puller/daemonset-hook.yaml
@@ -1,9 +1,9 @@
-{{- /*
-The hook-image-puller daemonset will be created with the highest priority during
-helm upgrades. It's task is to pull the required images on all nodes. When the
-image-awaiter job confirms the required images to be pulled, the daemonset is
-deleted. Only then will the actual helm upgrade start.
-*/}}
-{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
-{{- include "jupyterhub.imagePuller.daemonset.hook" . }}
-{{- end }}
+{{- /*
+The hook-image-puller daemonset will be created with the highest priority during
+helm upgrades. It's task is to pull the required images on all nodes. When the
+image-awaiter job confirms the required images to be pulled, the daemonset is
+deleted. Only then will the actual helm upgrade start.
+*/}}
+{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
+{{- include "jupyterhub.imagePuller.daemonset.hook" . }}
+{{- end }}
diff --git a/charts/jupyterhub/templates/image-puller/job.yaml b/charts/jupyterhub/templates/image-puller/job.yaml
index 2395c942..ae17ba59 100644
--- a/charts/jupyterhub/templates/image-puller/job.yaml
+++ b/charts/jupyterhub/templates/image-puller/job.yaml
@@ -1,65 +1,65 @@ -{{- /* -This job has a part to play in a helm upgrade process. It simply waits for the -hook-image-puller daemonset which is started slightly before this job to get -its' pods running. If all those pods are running they must have pulled all the -required images on all nodes as they are used as init containers with a dummy -command. -*/}} -{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} - hub.jupyter.org/deletable: "true" - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "10" -spec: - template: - # The hook-image-awaiter Job and hook-image-puller DaemonSet was - # conditionally created based on this state: - # - {{- include "jupyterhub.imagePuller.daemonset.hook.install" . | nindent 4 }} - # - metadata: - labels: - {{- /* Changes here will cause the Job to restart the pods. */}} - {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} - spec: - restartPolicy: Never - {{- with include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . }} - serviceAccountName: {{ . }} - {{- end }} - tolerations: - - key: hub.jupyter.org/dedicated - operator: Equal - value: core - effect: NoSchedule - - key: hub.jupyter.org_dedicated - operator: Equal - value: core - effect: NoSchedule - containers: - - image: quay.io/jupyterhub/k8s-image-awaiter:4.1.1-0.dev.git.6943.hedd63d38 - name: {{ include "jupyterhub.hook-image-awaiter.fullname" . 
}} - command: - - /image-awaiter - - -ca-path=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - - -api-server-address=https://kubernetes.default.svc:$(KUBERNETES_SERVICE_PORT) - - -namespace={{ .Release.Namespace }} - - -daemonset={{ include "jupyterhub.hook-image-puller.fullname" . }} - - -pod-scheduling-wait-duration=10 - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -{{- end }} +{{- /* +This job has a part to play in a helm upgrade process. It simply waits for the +hook-image-puller daemonset which is started slightly before this job to get +its' pods running. If all those pods are running they must have pulled all the +required images on all nodes as they are used as init containers with a dummy +command. +*/}} +{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} + hub.jupyter.org/deletable: "true" + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "10" +spec: + template: + # The hook-image-awaiter Job and hook-image-puller DaemonSet was + # conditionally created based on this state: + # + {{- include "jupyterhub.imagePuller.daemonset.hook.install" . | nindent 4 }} + # + metadata: + labels: + {{- /* Changes here will cause the Job to restart the pods. */}} + {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} + spec: + restartPolicy: Never + {{- with include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . }} + serviceAccountName: {{ . 
}} + {{- end }} + tolerations: + - key: hub.jupyter.org/dedicated + operator: Equal + value: core + effect: NoSchedule + - key: hub.jupyter.org_dedicated + operator: Equal + value: core + effect: NoSchedule + containers: + - image: quay.io/jupyterhub/k8s-image-awaiter:4.1.1-0.dev.git.6943.hedd63d38 + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} + command: + - /image-awaiter + - -ca-path=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + - -api-server-address=https://kubernetes.default.svc:$(KUBERNETES_SERVICE_PORT) + - -namespace={{ .Release.Namespace }} + - -daemonset={{ include "jupyterhub.hook-image-puller.fullname" . }} + - -pod-scheduling-wait-duration=10 + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody user + runAsGroup: 65534 # nobody group + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +{{- end }} diff --git a/charts/jupyterhub/templates/image-puller/rbac.yaml b/charts/jupyterhub/templates/image-puller/rbac.yaml index 17d9ff9c..ce2b3e1e 100644 --- a/charts/jupyterhub/templates/image-puller/rbac.yaml +++ b/charts/jupyterhub/templates/image-puller/rbac.yaml 
@@ -1,40 +1,40 @@
-{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
- hub.jupyter.org/deletable: "true"
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- "helm.sh/hook-weight": "0"
-rules:
- - apiGroups: ["apps"] # "" indicates the core API group
- resources: ["daemonsets"]
- verbs: ["get"]
----
-{{- /*
-... as declared by this binding.
-*/}}
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
- hub.jupyter.org/deletable: "true"
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- "helm.sh/hook-weight": "0"
-subjects:
- - kind: ServiceAccount
- name: {{ include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . }}
- namespace: "{{ .Release.Namespace }}"
-roleRef:
- kind: Role
- name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
+{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+ hub.jupyter.org/deletable: "true"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "0"
+rules:
+ - apiGroups: ["apps"] # "" indicates the core API group
+ resources: ["daemonsets"]
+ verbs: ["get"]
+---
+{{- /*
+... as declared by this binding.
+*/}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+ hub.jupyter.org/deletable: "true"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "0"
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . }}
+ namespace: "{{ .Release.Namespace }}"
+roleRef:
+ kind: Role
+ name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/jupyterhub/templates/image-puller/serviceaccount-hook.yaml b/charts/jupyterhub/templates/image-puller/serviceaccount-hook.yaml
index 9993916e..34fea6ab 100644
--- a/charts/jupyterhub/templates/image-puller/serviceaccount-hook.yaml
+++ b/charts/jupyterhub/templates/image-puller/serviceaccount-hook.yaml
@@ -1,14 +1,14 @@
-{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "jupyterhub.hook-image-puller-serviceaccount.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
- hub.jupyter.org/deletable: "true"
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- "helm.sh/hook-weight": "-10"
-{{- end }}
-
+{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jupyterhub.hook-image-puller-serviceaccount.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+ hub.jupyter.org/deletable: "true"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "-10"
+{{- end }}
+
diff --git a/charts/jupyterhub/templates/image-puller/serviceaccount.yaml b/charts/jupyterhub/templates/image-puller/serviceaccount.yaml
index 6cba1868..c1a7c182 100644
--- a/charts/jupyterhub/templates/image-puller/serviceaccount.yaml
+++ b/charts/jupyterhub/templates/image-puller/serviceaccount.yaml
@@ -1,13 +1,13 @@
-{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
- hub.jupyter.org/deletable: "true"
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- "helm.sh/hook-weight": "0"
-{{- end }}
+{{- if (include "jupyterhub.imagePuller.daemonset.hook.install" .) -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jupyterhub.hook-image-awaiter-serviceaccount.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+ hub.jupyter.org/deletable: "true"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "0"
+{{- end }}
diff --git a/charts/jupyterhub/templates/ingress.yaml b/charts/jupyterhub/templates/ingress.yaml
index ed20f780..a6be9ac1 100644
--- a/charts/jupyterhub/templates/ingress.yaml
+++ b/charts/jupyterhub/templates/ingress.yaml
@@ -1,30 +1,30 @@
-{{- if and .Values.service.nginx .Values.service.nginx.host }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "jupyterhub.ingress.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/auth-realm: ""
- nginx.ingress.kubernetes.io/auth-secret: ""
- nginx.ingress.kubernetes.io/auth-type: ""
-spec:
- rules:
- - host: {{ .Values.service.nginx.host }}
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: {{ include "jupyterhub.proxy-public.fullname" $ }}
- port:
- number: 80
- tls:
- - hosts:
- - '{{ .Values.service.nginx.tlsHost | default .Values.service.nginx.host }}'
- secretName: {{ .Values.service.nginx.tlsSecretName | default "tls-secret-replica" }}
+{{- if and .Values.service.nginx .Values.service.nginx.host }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "jupyterhub.ingress.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-realm: ""
+ nginx.ingress.kubernetes.io/auth-secret: ""
+ nginx.ingress.kubernetes.io/auth-type: ""
+spec:
+ rules:
+ - host: {{ .Values.service.nginx.host }}
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ include "jupyterhub.proxy-public.fullname" $ }}
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - '{{ .Values.service.nginx.tlsHost | default .Values.service.nginx.host }}'
+ secretName: {{ .Values.service.nginx.tlsSecretName | default "tls-secret-replica" }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/jupyterhub/templates/proxy/autohttps/_configmap-dynamic.yaml b/charts/jupyterhub/templates/proxy/autohttps/_configmap-dynamic.yaml
index 87e1d3bb..a135ea78 100644
--- a/charts/jupyterhub/templates/proxy/autohttps/_configmap-dynamic.yaml
+++ b/charts/jupyterhub/templates/proxy/autohttps/_configmap-dynamic.yaml
@@ -1,60 +1,60 @@ -{{- define "jupyterhub.dynamic.yaml" -}} -http: - middlewares: - hsts: - headers: - stsIncludeSubdomains: flase - stsPreload: false - stsSeconds: 15724800 - redirect: - redirectScheme: - permanent: true - scheme: https - scheme: - headers: - customRequestHeaders: - X-Scheme: https - routers: - default: - entrypoints: - - "https" - middlewares: - - "hsts" - - "scheme" - rule: PathPrefix(`/`) - service: default - tls: - certResolver: default - domains: - {{- range $host := .Values.proxy.https.hosts }} - - main: {{ $host }} - {{- end }} - options: default - - insecure: - entrypoints: - - "http" - middlewares: - - "redirect" - rule: PathPrefix(`/`) - service: default - - services: - default: - loadBalancer: - servers: - - url: 'http://proxy-http:8000/' - -tls: - options: - default: - cipherSuites: - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - minVersion: VersionTLS12 - sniStrict: true -{{- end }} +{{- define "jupyterhub.dynamic.yaml" -}} +http: + middlewares: + hsts: + headers: + stsIncludeSubdomains: flase + stsPreload: false + stsSeconds: 15724800 + redirect: + redirectScheme: + permanent: true + scheme: https + scheme: + headers: + customRequestHeaders: + X-Scheme: https + routers: + default: + entrypoints: + - "https" + middlewares: + - "hsts" + - "scheme" + rule: PathPrefix(`/`) + service: default + tls: + certResolver: default + domains: + {{- range $host := .Values.proxy.https.hosts }} + - main: {{ $host }} + {{- end }} + options: default + + insecure: + entrypoints: + - "http" + middlewares: + - "redirect" + rule: PathPrefix(`/`) + service: default + + services: + default: + loadBalancer: + servers: + - url: 'http://proxy-http:8000/' + +tls: + options: + default: + cipherSuites: + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + minVersion: VersionTLS12 + sniStrict: true +{{- end }} diff --git a/charts/jupyterhub/templates/proxy/autohttps/_configmap-traefik.yaml b/charts/jupyterhub/templates/proxy/autohttps/_configmap-traefik.yaml index 0b160a7c..0bc57b8f 100644 --- a/charts/jupyterhub/templates/proxy/autohttps/_configmap-traefik.yaml +++ b/charts/jupyterhub/templates/proxy/autohttps/_configmap-traefik.yaml 
@@ -1,61 +1,61 @@ -{{- define "jupyterhub.traefik.yaml" -}} -accessLog: - # Redact commonly sensitive headers - fields: - headers: - names: - Authorization: redacted - Cookie: redacted - Set-Cookie: redacted - X-Xsrftoken: redacted - # Only log errors - filters: - statusCodes: - - 500-599 - -# Automatically acquire certificates certificates form a Certificate -# Authority (CA) like Let's Encrypt using the ACME protocol's HTTP-01 -# challenge. -# -# ref: https://docs.traefik.io/https/acme/#certificate-resolvers -certificatesResolvers: - default: - acme: - caServer: {{ .Values.proxy.https.letsencrypt.acmeServer }} - email: {{ .Values.proxy.https.letsencrypt.contactEmail }} - httpChallenge: - entryPoint: http - storage: /etc/acme/acme.json - -# Let Traefik listen to port 80 and port 443 -# -# ref: https://docs.traefik.io/routing/entrypoints/ -entryPoints: - # Port 80, used for: - # - ACME HTTP-01 challenges - # - Redirects to HTTPS - http: - address: ':8080' - # Port 443, used for: - # - TLS Termination Proxy, where HTTPS transitions to HTTP. - https: - address: ':8443' - # Configure a high idle timeout for our websockets connections - transport: - respondingTimeouts: - idleTimeout: 10m0s - -# Config of logs about what happens to Traefik itself (startup, -# configuration, events, shutdown, and so on). -# -# ref: https://docs.traefik.io/observability/logs -log: - level: WARN - -# Let Traefik monitor another file we mount for dynamic configuration. As we -# mount this file through this configmap, we can make a `kubectl edit` on the -# configmap and have Traefik update on changes to dynamic.yaml. 
-providers: - file: - filename: /etc/traefik/dynamic.yaml -{{- end }} +{{- define "jupyterhub.traefik.yaml" -}} +accessLog: + # Redact commonly sensitive headers + fields: + headers: + names: + Authorization: redacted + Cookie: redacted + Set-Cookie: redacted + X-Xsrftoken: redacted + # Only log errors + filters: + statusCodes: + - 500-599 + +# Automatically acquire certificates certificates form a Certificate +# Authority (CA) like Let's Encrypt using the ACME protocol's HTTP-01 +# challenge. +# +# ref: https://docs.traefik.io/https/acme/#certificate-resolvers +certificatesResolvers: + default: + acme: + caServer: {{ .Values.proxy.https.letsencrypt.acmeServer }} + email: {{ .Values.proxy.https.letsencrypt.contactEmail }} + httpChallenge: + entryPoint: http + storage: /etc/acme/acme.json + +# Let Traefik listen to port 80 and port 443 +# +# ref: https://docs.traefik.io/routing/entrypoints/ +entryPoints: + # Port 80, used for: + # - ACME HTTP-01 challenges + # - Redirects to HTTPS + http: + address: ':8080' + # Port 443, used for: + # - TLS Termination Proxy, where HTTPS transitions to HTTP. + https: + address: ':8443' + # Configure a high idle timeout for our websockets connections + transport: + respondingTimeouts: + idleTimeout: 10m0s + +# Config of logs about what happens to Traefik itself (startup, +# configuration, events, shutdown, and so on). +# +# ref: https://docs.traefik.io/observability/logs +log: + level: WARN + +# Let Traefik monitor another file we mount for dynamic configuration. As we +# mount this file through this configmap, we can make a `kubectl edit` on the +# configmap and have Traefik update on changes to dynamic.yaml. +providers: + file: + filename: /etc/traefik/dynamic.yaml +{{- end }} diff --git a/charts/jupyterhub/templates/proxy/autohttps/configmap.yaml b/charts/jupyterhub/templates/proxy/autohttps/configmap.yaml index 6ba1c1ad..883d37ef 100644 --- a/charts/jupyterhub/templates/proxy/autohttps/configmap.yaml 
+++ b/charts/jupyterhub/templates/proxy/autohttps/configmap.yaml 
@@ -1,28 +1,28 @@ -{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }} -{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }} -{{- if $autoHTTPS -}} -{{- $_ := .Values.proxy.https.letsencrypt.contactEmail | required "proxy.https.letsencrypt.contactEmail is a required field" -}} - -# This configmap contains Traefik configuration files to be mounted. -# - traefik.yaml will only be read during startup (static configuration) -# - dynamic.yaml will be read on change (dynamic configuration) -# -# ref: https://docs.traefik.io/getting-started/configuration-overview/ -# -# The configuration files are first rendered with Helm templating to large YAML -# strings. Then we use the fromYAML function on these strings to get an object, -# that we in turn merge with user provided extra configuration. -# -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ include "jupyterhub.autohttps.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -data: - traefik.yaml: | - {{- include "jupyterhub.traefik.yaml" . | fromYaml | toYaml | nindent 4 }} - dynamic.yaml: | - {{- include "jupyterhub.dynamic.yaml" . | fromYaml | toYaml | nindent 4 }} - -{{- end }} +{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }} +{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }} +{{- if $autoHTTPS -}} +{{- $_ := .Values.proxy.https.letsencrypt.contactEmail | required "proxy.https.letsencrypt.contactEmail is a required field" -}} + +# This configmap contains Traefik configuration files to be mounted. +# - traefik.yaml will only be read during startup (static configuration) +# - dynamic.yaml will be read on change (dynamic configuration) +# +# ref: https://docs.traefik.io/getting-started/configuration-overview/ +# +# The configuration files are first rendered with Helm templating to large YAML +# strings. 
Then we use the fromYAML function on these strings to get an object, +# that we in turn merge with user provided extra configuration. +# +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "jupyterhub.autohttps.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +data: + traefik.yaml: | + {{- include "jupyterhub.traefik.yaml" . | fromYaml | toYaml | nindent 4 }} + dynamic.yaml: | + {{- include "jupyterhub.dynamic.yaml" . | fromYaml | toYaml | nindent 4 }} + +{{- end }} diff --git a/charts/jupyterhub/templates/proxy/autohttps/deployment.yaml b/charts/jupyterhub/templates/proxy/autohttps/deployment.yaml index 9c4d2f5e..8aa29762 100644 --- a/charts/jupyterhub/templates/proxy/autohttps/deployment.yaml +++ b/charts/jupyterhub/templates/proxy/autohttps/deployment.yaml 
@@ -1,106 +1,106 @@ -{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }} -{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }} -{{- if $autoHTTPS -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "jupyterhub.autohttps.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} - hub.jupyter.org/network-access-proxy-http: "true" - annotations: - checksum/static-config: {{ include "jupyterhub.traefik.yaml" . | fromYaml | toYaml | sha256sum }} - spec: - {{- with include "jupyterhub.autohttps-serviceaccount.fullname" . }} - serviceAccountName: {{ . }} - {{- end }} - {{- include "jupyterhub.coreAffinity" . | nindent 6 }} - volumes: - - name: certificates - emptyDir: {} - - name: traefik-config - configMap: - name: {{ include "jupyterhub.autohttps.fullname" . }} - initContainers: - - name: load-acme - image: "quay.io/jupyterhub/k8s-secret-sync:4.1.1-0.dev.git.6949.h78d62c2f" - args: - - load - - {{ include "jupyterhub.proxy-public-tls.fullname" . 
}} - - acme.json - - /etc/acme/acme.json - env: - # We need this to get logs immediately - - name: PYTHONUNBUFFERED - value: "True" - volumeMounts: - - name: certificates - mountPath: /etc/acme - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - containers: - - name: traefik - image: "traefik:v3.3.4" - ports: - - name: http - containerPort: 8080 - - name: https - containerPort: 8443 - volumeMounts: - - name: traefik-config - mountPath: /etc/traefik - - name: certificates - mountPath: /etc/acme - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - - name: secret-sync - image: "quay.io/jupyterhub/k8s-secret-sync:4.1.1-0.dev.git.6949.h78d62c2f" - args: - - watch-save - - --label=app.kubernetes.io/name={{ include "jupyterhub.appLabel" . }} - - --label=app.kubernetes.io/instance={{ .Release.Name }} - - --label=helm.sh/chart={{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - - --label=app.kubernetes.io/managed-by=secret-sync - - {{ include "jupyterhub.proxy-public-tls.fullname" . 
}} - - acme.json - - /etc/acme/acme.json - env: - # We need this to get logs immediately - - name: PYTHONUNBUFFERED - value: "True" - volumeMounts: - - name: certificates - mountPath: /etc/acme - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -{{- end }} +{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }} +{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }} +{{- if $autoHTTPS -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "jupyterhub.autohttps.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} + hub.jupyter.org/network-access-proxy-http: "true" + annotations: + checksum/static-config: {{ include "jupyterhub.traefik.yaml" . | fromYaml | toYaml | sha256sum }} + spec: + {{- with include "jupyterhub.autohttps-serviceaccount.fullname" . }} + serviceAccountName: {{ . }} + {{- end }} + {{- include "jupyterhub.coreAffinity" . | nindent 6 }} + volumes: + - name: certificates + emptyDir: {} + - name: traefik-config + configMap: + name: {{ include "jupyterhub.autohttps.fullname" . }} + initContainers: + - name: load-acme + image: "quay.io/jupyterhub/k8s-secret-sync:4.1.1-0.dev.git.6949.h78d62c2f" + args: + - load + - {{ include "jupyterhub.proxy-public-tls.fullname" . 
}} + - acme.json + - /etc/acme/acme.json + env: + # We need this to get logs immediately + - name: PYTHONUNBUFFERED + value: "True" + volumeMounts: + - name: certificates + mountPath: /etc/acme + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody user + runAsGroup: 65534 # nobody group + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + containers: + - name: traefik + image: "traefik:v3.3.4" + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 8443 + volumeMounts: + - name: traefik-config + mountPath: /etc/traefik + - name: certificates + mountPath: /etc/acme + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody user + runAsGroup: 65534 # nobody group + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + - name: secret-sync + image: "quay.io/jupyterhub/k8s-secret-sync:4.1.1-0.dev.git.6949.h78d62c2f" + args: + - watch-save + - --label=app.kubernetes.io/name={{ include "jupyterhub.appLabel" . }} + - --label=app.kubernetes.io/instance={{ .Release.Name }} + - --label=helm.sh/chart={{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + - --label=app.kubernetes.io/managed-by=secret-sync + - {{ include "jupyterhub.proxy-public-tls.fullname" . }} + - acme.json + - /etc/acme/acme.json + env: + # We need this to get logs immediately + - name: PYTHONUNBUFFERED + value: "True" + volumeMounts: + - name: certificates + mountPath: /etc/acme + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody user + runAsGroup: 65534 # nobody group + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +{{- end }} diff --git a/charts/jupyterhub/templates/proxy/autohttps/netpol.yaml b/charts/jupyterhub/templates/proxy/autohttps/netpol.yaml index e48635c9..eb0aca3c 100644 --- a/charts/jupyterhub/templates/proxy/autohttps/netpol.yaml 
+++ b/charts/jupyterhub/templates/proxy/autohttps/netpol.yaml 
@@ -1,54 +1,54 @@ -{{- $HTTPS := .Values.proxy.https.enabled -}} -{{- $autoHTTPS := and $HTTPS (and (eq .Values.proxy.https.type "letsencrypt") .Values.proxy.https.hosts) -}} -{{- if $autoHTTPS -}} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "jupyterhub.autohttps.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - policyTypes: - - Ingress - - Egress - - # IMPORTANT: - # NetworkPolicy's ingress "from" and egress "to" rule specifications require - # great attention to detail. A quick summary is: - # - # 1. You can provide "from"/"to" rules that provide access either ports or a - # subset of ports. - # 2. You can for each "from"/"to" rule provide any number of - # "sources"/"destinations" of four different kinds. - # - podSelector - targets pods with a certain label in the same namespace as the NetworkPolicy - # - namespaceSelector - targets all pods running in namespaces with a certain label - # - namespaceSelector and podSelector - targets pods with a certain label running in namespaces with a certain label - # - ipBlock - targets network traffic from/to a set of IP address ranges - # - # Read more at: https://kubernetes.io/docs/concepts/services-networking/network-policies/#behavior-of-to-and-from-selectors - # - ingress: - # allowed pods (hub.jupyter.org/network-access-proxy-http) --> proxy (http/https port) - - ports: - - port: http - - port: https - from: - # source 1 - labeled pods - - podSelector: - matchLabels: - hub.jupyter.org/network-access-proxy-http: "true" - - - egress: - # autohttps --> proxy (http port) - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "proxy") . 
}} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8000 -{{- end }} +{{- $HTTPS := .Values.proxy.https.enabled -}} +{{- $autoHTTPS := and $HTTPS (and (eq .Values.proxy.https.type "letsencrypt") .Values.proxy.https.hosts) -}} +{{- if $autoHTTPS -}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "jupyterhub.autohttps.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + policyTypes: + - Ingress + - Egress + + # IMPORTANT: + # NetworkPolicy's ingress "from" and egress "to" rule specifications require + # great attention to detail. A quick summary is: + # + # 1. You can provide "from"/"to" rules that provide access either ports or a + # subset of ports. + # 2. You can for each "from"/"to" rule provide any number of + # "sources"/"destinations" of four different kinds. + # - podSelector - targets pods with a certain label in the same namespace as the NetworkPolicy + # - namespaceSelector - targets all pods running in namespaces with a certain label + # - namespaceSelector and podSelector - targets pods with a certain label running in namespaces with a certain label + # - ipBlock - targets network traffic from/to a set of IP address ranges + # + # Read more at: https://kubernetes.io/docs/concepts/services-networking/network-policies/#behavior-of-to-and-from-selectors + # + ingress: + # allowed pods (hub.jupyter.org/network-access-proxy-http) --> proxy (http/https port) + - ports: + - port: http + - port: https + from: + # source 1 - labeled pods + - podSelector: + matchLabels: + hub.jupyter.org/network-access-proxy-http: "true" + + + egress: + # autohttps --> proxy (http port) + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "proxy") . }} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8000 +{{- end }} 
diff --git a/charts/jupyterhub/templates/proxy/autohttps/rbac.yaml b/charts/jupyterhub/templates/proxy/autohttps/rbac.yaml
index 59087b7e..899d7a1a 100644
--- a/charts/jupyterhub/templates/proxy/autohttps/rbac.yaml
+++ b/charts/jupyterhub/templates/proxy/autohttps/rbac.yaml
@@ -1,31 +1,31 @@
-{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) -}}
-{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) -}}
-{{- if $autoHTTPS -}}
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "jupyterhub.autohttps.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "patch", "list", "create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "jupyterhub.autohttps.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . }}
- apiGroup:
-roleRef:
- kind: Role
- name: {{ include "jupyterhub.autohttps.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- end }}
+{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) -}}
+{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) -}}
+{{- if $autoHTTPS -}}
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "jupyterhub.autohttps.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "patch", "list", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "jupyterhub.autohttps.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . }}
+ apiGroup:
+roleRef:
+ kind: Role
+ name: {{ include "jupyterhub.autohttps.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
diff --git a/charts/jupyterhub/templates/proxy/autohttps/service.yaml b/charts/jupyterhub/templates/proxy/autohttps/service.yaml
index 27fa06be..b12d36ff 100644
--- a/charts/jupyterhub/templates/proxy/autohttps/service.yaml
+++ b/charts/jupyterhub/templates/proxy/autohttps/service.yaml
@@ -1,18 +1,18 @@
-{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }}
-{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }}
-{{- if $autoHTTPS -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "jupyterhub.proxy-http.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-spec:
- type: ClusterIP
- selector:
- {{- $_ := merge (dict "componentLabel" "proxy") . }}
- {{- include "jupyterhub.matchLabels" $_ | nindent 4 }}
- ports:
- - port: 8000
- targetPort: http
-{{- end }}
+{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }}
+{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }}
+{{- if $autoHTTPS -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "jupyterhub.proxy-http.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+ {{- $_ := merge (dict "componentLabel" "proxy") . }}
+ {{- include "jupyterhub.matchLabels" $_ | nindent 4 }}
+ ports:
+ - port: 8000
+ targetPort: http
+{{- end }}
diff --git a/charts/jupyterhub/templates/proxy/autohttps/serviceaccount.yaml b/charts/jupyterhub/templates/proxy/autohttps/serviceaccount.yaml
index 01667caa..fc75fc09 100644
--- a/charts/jupyterhub/templates/proxy/autohttps/serviceaccount.yaml
+++ b/charts/jupyterhub/templates/proxy/autohttps/serviceaccount.yaml
@@ -1,10 +1,10 @@
-{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) -}}
-{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) -}}
-{{- if $autoHTTPS -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-{{- end }}
+{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) -}}
+{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) -}}
+{{- if $autoHTTPS -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/jupyterhub/templates/proxy/deployment.yaml b/charts/jupyterhub/templates/proxy/deployment.yaml
index 48174080..e47126c9 100644
--- a/charts/jupyterhub/templates/proxy/deployment.yaml
+++ b/charts/jupyterhub/templates/proxy/deployment.yaml
@@ -1,134 +1,134 @@ -{{- $manualHTTPS := and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manual") -}} -{{- $manualHTTPSwithsecret := and .Values.proxy.https.enabled (eq .Values.proxy.https.type "secret") -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "jupyterhub.proxy.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - strategy: - type: Recreate - template: - metadata: - labels: - {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} - hub.jupyter.org/network-access-hub: "true" - hub.jupyter.org/network-access-singleuser: "true" - annotations: - # We want to restart proxy only if the auth token changes - # Other changes to the hub config should not restart. - # We truncate to 4 chars to avoid leaking auth token info, - # since someone could brute force the hash to obtain the token - # - # Note that if auth_token has to be generated at random, it will be - # generated at random here separately from being generated at random in - # the k8s Secret template. This will cause this annotation to change to - # match the k8s Secret during the first upgrade following an auth_token - # was generated. - spec: - terminationGracePeriodSeconds: 60 - {{- include "jupyterhub.coreAffinity" . | nindent 6 }} - {{- if $manualHTTPS }} - volumes: - - name: tls-secret - secret: - secretName: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . }} - {{- else if $manualHTTPSwithsecret }} - volumes: - - name: tls-secret - secret: - secretName: {{ .Values.proxy.https.secret.name }} - {{- end }} - containers: - - name: chp - image: quay.io/jupyterhub/configurable-http-proxy:4.6.3 - {{- $hubNameAsEnv := include "jupyterhub.hub.fullname" . | upper | replace "-" "_" }} - {{- $hubHost := printf "http://%s:$(%s_SERVICE_PORT)" (include "jupyterhub.hub.fullname" .) 
$hubNameAsEnv }} - command: - - configurable-http-proxy - - "--ip=" - - "--api-ip=" - - --api-port=8001 - - --default-target= $hubHost - - --error-target= printf "%s/hub/error" $hubHost) - {{- if $manualHTTPS }} - - --port=8443 - - --redirect-port=8000 - - --redirect-to=443 - - --ssl-key=/etc/chp/tls/tls.key - - --ssl-cert=/etc/chp/tls/tls.crt - {{- else if $manualHTTPSwithsecret }} - - --port=8443 - - --redirect-port=8000 - - --redirect-to=443 - - --ssl-key=/etc/chp/tls/{{ .Values.proxy.https.secret.key }} - - --ssl-cert=/etc/chp/tls/{{ .Values.proxy.https.secret.crt }} - {{- else }} - - --port=8000 - {{- end }} - {{- if or $manualHTTPS $manualHTTPSwithsecret }} - volumeMounts: - - name: tls-secret - mountPath: /etc/chp/tls - readOnly: true - {{- end }} - env: - - name: CONFIGPROXY_AUTH_TOKEN - valueFrom: - secretKeyRef: - # NOTE: References the chart managed k8s Secret even if - # hub.existingSecret is specified to avoid using the - # lookup function on the user managed k8s Secret. - name: jupyterhub-secrets - key: hub.config.ConfigurableHTTPProxy.auth_token - ports: - {{- if or $manualHTTPS $manualHTTPSwithsecret }} - - name: https - containerPort: 8443 - {{- end }} - - name: http - containerPort: 8000 - - name: api - containerPort: 8001 - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 30 - failureThreshold: 3 - httpGet: - path: /_chp_healthz - {{- if or $manualHTTPS $manualHTTPSwithsecret }} - port: https - scheme: HTTPS - {{- else }} - port: http - scheme: HTTP - {{- end }} - readinessProbe: - initialDelaySeconds: 0 - periodSeconds: 2 - timeoutSeconds: 1000 - failureThreshold: 1 - httpGet: - path: /_chp_healthz - {{- if or $manualHTTPS $manualHTTPSwithsecret }} - port: https - scheme: HTTPS - {{- else }} - port: http - scheme: HTTP - {{- end }} - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - 
seccompProfile: +{{- $manualHTTPS := and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manual") -}} +{{- $manualHTTPSwithsecret := and .Values.proxy.https.enabled (eq .Values.proxy.https.type "secret") -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "jupyterhub.proxy.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} + hub.jupyter.org/network-access-hub: "true" + hub.jupyter.org/network-access-singleuser: "true" + annotations: + # We want to restart proxy only if the auth token changes + # Other changes to the hub config should not restart. + # We truncate to 4 chars to avoid leaking auth token info, + # since someone could brute force the hash to obtain the token + # + # Note that if auth_token has to be generated at random, it will be + # generated at random here separately from being generated at random in + # the k8s Secret template. This will cause this annotation to change to + # match the k8s Secret during the first upgrade following an auth_token + # was generated. + spec: + terminationGracePeriodSeconds: 60 + {{- include "jupyterhub.coreAffinity" . | nindent 6 }} + {{- if $manualHTTPS }} + volumes: + - name: tls-secret + secret: + secretName: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . }} + {{- else if $manualHTTPSwithsecret }} + volumes: + - name: tls-secret + secret: + secretName: {{ .Values.proxy.https.secret.name }} + {{- end }} + containers: + - name: chp + image: quay.io/jupyterhub/configurable-http-proxy:4.6.3 + {{- $hubNameAsEnv := include "jupyterhub.hub.fullname" . | upper | replace "-" "_" }} + {{- $hubHost := printf "http://%s:$(%s_SERVICE_PORT)" (include "jupyterhub.hub.fullname" .) 
$hubNameAsEnv }} + command: + - configurable-http-proxy + - "--ip=" + - "--api-ip=" + - --api-port=8001 + - --default-target= $hubHost + - --error-target= printf "%s/hub/error" $hubHost) + {{- if $manualHTTPS }} + - --port=8443 + - --redirect-port=8000 + - --redirect-to=443 + - --ssl-key=/etc/chp/tls/tls.key + - --ssl-cert=/etc/chp/tls/tls.crt + {{- else if $manualHTTPSwithsecret }} + - --port=8443 + - --redirect-port=8000 + - --redirect-to=443 + - --ssl-key=/etc/chp/tls/{{ .Values.proxy.https.secret.key }} + - --ssl-cert=/etc/chp/tls/{{ .Values.proxy.https.secret.crt }} + {{- else }} + - --port=8000 + {{- end }} + {{- if or $manualHTTPS $manualHTTPSwithsecret }} + volumeMounts: + - name: tls-secret + mountPath: /etc/chp/tls + readOnly: true + {{- end }} + env: + - name: CONFIGPROXY_AUTH_TOKEN + valueFrom: + secretKeyRef: + # NOTE: References the chart managed k8s Secret even if + # hub.existingSecret is specified to avoid using the + # lookup function on the user managed k8s Secret. + name: jupyterhub-secrets + key: hub.config.ConfigurableHTTPProxy.auth_token + ports: + {{- if or $manualHTTPS $manualHTTPSwithsecret }} + - name: https + containerPort: 8443 + {{- end }} + - name: http + containerPort: 8000 + - name: api + containerPort: 8001 + livenessProbe: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 30 + failureThreshold: 3 + httpGet: + path: /_chp_healthz + {{- if or $manualHTTPS $manualHTTPSwithsecret }} + port: https + scheme: HTTPS + {{- else }} + port: http + scheme: HTTP + {{- end }} + readinessProbe: + initialDelaySeconds: 0 + periodSeconds: 2 + timeoutSeconds: 1000 + failureThreshold: 1 + httpGet: + path: /_chp_healthz + {{- if or $manualHTTPS $manualHTTPSwithsecret }} + port: https + scheme: HTTPS + {{- else }} + port: http + scheme: HTTP + {{- end }} + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody user + runAsGroup: 65534 # nobody group + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + 
seccompProfile: type: "RuntimeDefault" \ No newline at end of file diff --git a/charts/jupyterhub/templates/proxy/netpol.yaml b/charts/jupyterhub/templates/proxy/netpol.yaml index 2f8607d7..9bc3a5d1 100644 --- a/charts/jupyterhub/templates/proxy/netpol.yaml +++ b/charts/jupyterhub/templates/proxy/netpol.yaml 
@@ -1,78 +1,78 @@ -{{- $HTTPS := .Values.proxy.https.enabled -}} -{{- $autoHTTPS := and $HTTPS (and (eq .Values.proxy.https.type "letsencrypt") .Values.proxy.https.hosts) -}} -{{- $manualHTTPS := and $HTTPS (eq .Values.proxy.https.type "manual") -}} -{{- $manualHTTPSwithsecret := and $HTTPS (eq .Values.proxy.https.type "secret") -}} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "jupyterhub.proxy.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - policyTypes: - - Ingress - - Egress - - # IMPORTANT: - # NetworkPolicy's ingress "from" and egress "to" rule specifications require - # great attention to detail. A quick summary is: - # - # 1. You can provide "from"/"to" rules that provide access either ports or a - # subset of ports. - # 2. You can for each "from"/"to" rule provide any number of - # "sources"/"destinations" of four different kinds. 
- # - podSelector - targets pods with a certain label in the same namespace as the NetworkPolicy - # - namespaceSelector - targets all pods running in namespaces with a certain label - # - namespaceSelector and podSelector - targets pods with a certain label running in namespaces with a certain label - # - ipBlock - targets network traffic from/to a set of IP address ranges - # - # Read more at: https://kubernetes.io/docs/concepts/services-networking/network-policies/#behavior-of-to-and-from-selectors - # - ingress: - - ports: - - port: http - - port: https - - # allowed pods (hub.jupyter.org/network-access-proxy-http) --> proxy (http/https port) - - ports: - - port: http - {{- if or $manualHTTPS $manualHTTPSwithsecret }} - - port: https - {{- end }} - from: - # source 1 - labeled pods - - podSelector: - matchLabels: - hub.jupyter.org/network-access-proxy-http: "true" - - # allowed pods (hub.jupyter.org/network-access-proxy-api) --> proxy (api port) - - ports: - - port: api - from: - # source 1 - labeled pods - - podSelector: - matchLabels: - hub.jupyter.org/network-access-proxy-api: "true" - - egress: - # proxy --> hub - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "hub") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8081 - - # proxy --> singleuser-server - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "singleuser-server") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8888 - +{{- $HTTPS := .Values.proxy.https.enabled -}} +{{- $autoHTTPS := and $HTTPS (and (eq .Values.proxy.https.type "letsencrypt") .Values.proxy.https.hosts) -}} +{{- $manualHTTPS := and $HTTPS (eq .Values.proxy.https.type "manual") -}} +{{- $manualHTTPSwithsecret := and $HTTPS (eq .Values.proxy.https.type "secret") -}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "jupyterhub.proxy.fullname" . 
}} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + policyTypes: + - Ingress + - Egress + + # IMPORTANT: + # NetworkPolicy's ingress "from" and egress "to" rule specifications require + # great attention to detail. A quick summary is: + # + # 1. You can provide "from"/"to" rules that provide access either ports or a + # subset of ports. + # 2. You can for each "from"/"to" rule provide any number of + # "sources"/"destinations" of four different kinds. + # - podSelector - targets pods with a certain label in the same namespace as the NetworkPolicy + # - namespaceSelector - targets all pods running in namespaces with a certain label + # - namespaceSelector and podSelector - targets pods with a certain label running in namespaces with a certain label + # - ipBlock - targets network traffic from/to a set of IP address ranges + # + # Read more at: https://kubernetes.io/docs/concepts/services-networking/network-policies/#behavior-of-to-and-from-selectors + # + ingress: + - ports: + - port: http + - port: https + + # allowed pods (hub.jupyter.org/network-access-proxy-http) --> proxy (http/https port) + - ports: + - port: http + {{- if or $manualHTTPS $manualHTTPSwithsecret }} + - port: https + {{- end }} + from: + # source 1 - labeled pods + - podSelector: + matchLabels: + hub.jupyter.org/network-access-proxy-http: "true" + + # allowed pods (hub.jupyter.org/network-access-proxy-api) --> proxy (api port) + - ports: + - port: api + from: + # source 1 - labeled pods + - podSelector: + matchLabels: + hub.jupyter.org/network-access-proxy-api: "true" + + egress: + # proxy --> hub + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "hub") . 
}} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8081 + + # proxy --> singleuser-server + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "singleuser-server") . }} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8888 + diff --git a/charts/jupyterhub/templates/proxy/service.yaml b/charts/jupyterhub/templates/proxy/service.yaml index b6c730e5..2320180f 100644 --- a/charts/jupyterhub/templates/proxy/service.yaml +++ b/charts/jupyterhub/templates/proxy/service.yaml 
@@ -1,56 +1,56 @@
-{{- $enabled := .Values.proxy.https.enabled -}}
-{{- $autoHTTPS := and $enabled (and (eq .Values.proxy.https.type "letsencrypt") .Values.proxy.https.hosts) -}}
-{{- $manualHTTPS := and $enabled (eq .Values.proxy.https.type "manual") -}}
-{{- $manualHTTPSwithsecret := and $enabled (eq .Values.proxy.https.type "secret") -}}
-{{- $offloadHTTPS := and $enabled (eq .Values.proxy.https.type "offload") -}}
-{{- $valid := or $autoHTTPS (or $manualHTTPS (or $manualHTTPSwithsecret $offloadHTTPS)) -}}
-{{- $HTTPS := and $enabled $valid -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "jupyterhub.proxy-api.fullname" . }}
- labels:
- {{- $_ := merge (dict "componentSuffix" "-api") . }}
- {{- include "jupyterhub.labels" $_ | nindent 4 }}
-spec:
- selector:
- {{- include "jupyterhub.matchLabels" . | nindent 4 }}
- ports:
- - port: 8001
- targetPort: api
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "jupyterhub.proxy-public.fullname" . }}
- labels:
- {{- $_ := merge (dict "componentSuffix" "-public") . }}
- {{- include "jupyterhub.labels" $_ | nindent 4 }}
-spec:
- selector:
- # This service will target the autohttps pod if autohttps is configured, and
- # the proxy pod if not. When autohttps is configured, the service proxy-http
- # will be around to target the proxy pod directly.
- {{- if $autoHTTPS }}
- {{- $_ := merge (dict "componentLabel" "autohttps") . -}}
- {{- include "jupyterhub.matchLabels" $_ | nindent 4 }}
- {{- else }}
- {{- include "jupyterhub.matchLabels" . | nindent 4 }}
- {{- end }}
- ports:
- {{- if $HTTPS }}
- - name: https
- port: 443
- # When HTTPS termination is handled outside our helm chart, pass traffic
- # coming in via this Service's port 443 to targeted pod's port meant for
- # HTTP traffic.
- {{- if $offloadHTTPS }}
- targetPort: http
- {{- else }}
- targetPort: https
- {{- end }}
- {{- end }}
- - name: http
- port: 80
- targetPort: http
+{{- $enabled := .Values.proxy.https.enabled -}}
+{{- $autoHTTPS := and $enabled (and (eq .Values.proxy.https.type "letsencrypt") .Values.proxy.https.hosts) -}}
+{{- $manualHTTPS := and $enabled (eq .Values.proxy.https.type "manual") -}}
+{{- $manualHTTPSwithsecret := and $enabled (eq .Values.proxy.https.type "secret") -}}
+{{- $offloadHTTPS := and $enabled (eq .Values.proxy.https.type "offload") -}}
+{{- $valid := or $autoHTTPS (or $manualHTTPS (or $manualHTTPSwithsecret $offloadHTTPS)) -}}
+{{- $HTTPS := and $enabled $valid -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "jupyterhub.proxy-api.fullname" . }}
+ labels:
+ {{- $_ := merge (dict "componentSuffix" "-api") . }}
+ {{- include "jupyterhub.labels" $_ | nindent 4 }}
+spec:
+ selector:
+ {{- include "jupyterhub.matchLabels" . | nindent 4 }}
+ ports:
+ - port: 8001
+ targetPort: api
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "jupyterhub.proxy-public.fullname" . }}
+ labels:
+ {{- $_ := merge (dict "componentSuffix" "-public") . }}
+ {{- include "jupyterhub.labels" $_ | nindent 4 }}
+spec:
+ selector:
+ # This service will target the autohttps pod if autohttps is configured, and
+ # the proxy pod if not. When autohttps is configured, the service proxy-http
+ # will be around to target the proxy pod directly.
+ {{- if $autoHTTPS }}
+ {{- $_ := merge (dict "componentLabel" "autohttps") . -}}
+ {{- include "jupyterhub.matchLabels" $_ | nindent 4 }}
+ {{- else }}
+ {{- include "jupyterhub.matchLabels" . | nindent 4 }}
+ {{- end }}
+ ports:
+ {{- if $HTTPS }}
+ - name: https
+ port: 443
+ # When HTTPS termination is handled outside our helm chart, pass traffic
+ # coming in via this Service's port 443 to targeted pod's port meant for
+ # HTTP traffic.
+ {{- if $offloadHTTPS }}
+ targetPort: http
+ {{- else }}
+ targetPort: https
+ {{- end }}
+ {{- end }}
+ - name: http
+ port: 80
+ targetPort: http
 type: LoadBalancer
\ No newline at end of file
diff --git a/charts/jupyterhub/templates/scheduling/_scheduling-helpers.tpl b/charts/jupyterhub/templates/scheduling/_scheduling-helpers.tpl
index 420518de..fa580c07 100644
--- a/charts/jupyterhub/templates/scheduling/_scheduling-helpers.tpl
+++ b/charts/jupyterhub/templates/scheduling/_scheduling-helpers.tpl
@@ -1,103 +1,103 @@ -{{- define "jupyterhub.userNodeAffinityRequired" -}} -- matchExpressions: - - key: hub.jupyter.org/node-purpose - operator: In - values: [user] -{{- end }} - -{{- define "jupyterhub.userNodeAffinityPreferred" -}} -- weight: 100 - preference: - matchExpressions: - - key: hub.jupyter.org/node-purpose - operator: In - values: [user] -{{- end }} - -{{- define "jupyterhub.userPodAffinityRequired" -}} -{{- end }} - -{{- define "jupyterhub.userPodAffinityPreferred" -}} -{{- end }} - -{{- define "jupyterhub.userPodAntiAffinityRequired" -}} -{{- end }} - -{{- define "jupyterhub.userPodAntiAffinityPreferred" -}} -{{- end }} - - - -{{- /* - jupyterhub.userAffinity: - It is used by user-placeholder to set the same affinity on them as the - spawned user pods spawned by kubespawner. -*/}} -{{- define "jupyterhub.userAffinity" -}} - -{{- $dummy := set . "nodeAffinityRequired" (include "jupyterhub.userNodeAffinityRequired" .) -}} -{{- $dummy := set . "podAffinityRequired" (include "jupyterhub.userPodAffinityRequired" .) -}} -{{- $dummy := set . "podAntiAffinityRequired" (include "jupyterhub.userPodAntiAffinityRequired" .) -}} -{{- $dummy := set . "nodeAffinityPreferred" (include "jupyterhub.userNodeAffinityPreferred" .) -}} -{{- $dummy := set . "podAffinityPreferred" (include "jupyterhub.userPodAffinityPreferred" .) -}} -{{- $dummy := set . "podAntiAffinityPreferred" (include "jupyterhub.userPodAntiAffinityPreferred" .) -}} -{{- $dummy := set . "hasNodeAffinity" (or .nodeAffinityRequired .nodeAffinityPreferred) -}} -{{- $dummy := set . "hasPodAffinity" (or .podAffinityRequired .podAffinityPreferred) -}} -{{- $dummy := set . 
"hasPodAntiAffinity" (or .podAntiAffinityRequired .podAntiAffinityPreferred) -}} - -{{- if .hasNodeAffinity -}} -nodeAffinity: - {{- if .nodeAffinityRequired }} - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - {{- .nodeAffinityRequired | nindent 6 }} - {{- end }} - - {{- if .nodeAffinityPreferred }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- .nodeAffinityPreferred | nindent 4 }} - {{- end }} -{{- end }} - -{{- if .hasPodAffinity }} -podAffinity: - {{- if .podAffinityRequired }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- .podAffinityRequired | nindent 4 }} - {{- end }} - - {{- if .podAffinityPreferred }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- .podAffinityPreferred | nindent 4 }} - {{- end }} -{{- end }} - -{{- if .hasPodAntiAffinity }} -podAntiAffinity: - {{- if .podAntiAffinityRequired }} - requiredDuringSchedulingIgnoredDuringExecution: - {{- .podAntiAffinityRequired | nindent 4 }} - {{- end }} - - {{- if .podAntiAffinityPreferred }} - preferredDuringSchedulingIgnoredDuringExecution: - {{- .podAntiAffinityPreferred | nindent 4 }} - {{- end }} -{{- end }} - -{{- end }} - - - -{{- define "jupyterhub.coreAffinity" -}} -affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - preference: - matchExpressions: - - key: hub.jupyter.org/node-purpose - operator: In - values: [core] -{{- end }} - +{{- define "jupyterhub.userNodeAffinityRequired" -}} +- matchExpressions: + - key: hub.jupyter.org/node-purpose + operator: In + values: [user] +{{- end }} + +{{- define "jupyterhub.userNodeAffinityPreferred" -}} +- weight: 100 + preference: + matchExpressions: + - key: hub.jupyter.org/node-purpose + operator: In + values: [user] +{{- end }} + +{{- define "jupyterhub.userPodAffinityRequired" -}} +{{- end }} + +{{- define "jupyterhub.userPodAffinityPreferred" -}} +{{- end }} + +{{- define "jupyterhub.userPodAntiAffinityRequired" -}} +{{- end }} + +{{- define 
"jupyterhub.userPodAntiAffinityPreferred" -}} +{{- end }} + + + +{{- /* + jupyterhub.userAffinity: + It is used by user-placeholder to set the same affinity on them as the + spawned user pods spawned by kubespawner. +*/}} +{{- define "jupyterhub.userAffinity" -}} + +{{- $dummy := set . "nodeAffinityRequired" (include "jupyterhub.userNodeAffinityRequired" .) -}} +{{- $dummy := set . "podAffinityRequired" (include "jupyterhub.userPodAffinityRequired" .) -}} +{{- $dummy := set . "podAntiAffinityRequired" (include "jupyterhub.userPodAntiAffinityRequired" .) -}} +{{- $dummy := set . "nodeAffinityPreferred" (include "jupyterhub.userNodeAffinityPreferred" .) -}} +{{- $dummy := set . "podAffinityPreferred" (include "jupyterhub.userPodAffinityPreferred" .) -}} +{{- $dummy := set . "podAntiAffinityPreferred" (include "jupyterhub.userPodAntiAffinityPreferred" .) -}} +{{- $dummy := set . "hasNodeAffinity" (or .nodeAffinityRequired .nodeAffinityPreferred) -}} +{{- $dummy := set . "hasPodAffinity" (or .podAffinityRequired .podAffinityPreferred) -}} +{{- $dummy := set . 
"hasPodAntiAffinity" (or .podAntiAffinityRequired .podAntiAffinityPreferred) -}} + +{{- if .hasNodeAffinity -}} +nodeAffinity: + {{- if .nodeAffinityRequired }} + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + {{- .nodeAffinityRequired | nindent 6 }} + {{- end }} + + {{- if .nodeAffinityPreferred }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- .nodeAffinityPreferred | nindent 4 }} + {{- end }} +{{- end }} + +{{- if .hasPodAffinity }} +podAffinity: + {{- if .podAffinityRequired }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- .podAffinityRequired | nindent 4 }} + {{- end }} + + {{- if .podAffinityPreferred }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- .podAffinityPreferred | nindent 4 }} + {{- end }} +{{- end }} + +{{- if .hasPodAntiAffinity }} +podAntiAffinity: + {{- if .podAntiAffinityRequired }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- .podAntiAffinityRequired | nindent 4 }} + {{- end }} + + {{- if .podAntiAffinityPreferred }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- .podAntiAffinityPreferred | nindent 4 }} + {{- end }} +{{- end }} + +{{- end }} + + + +{{- define "jupyterhub.coreAffinity" -}} +affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: hub.jupyter.org/node-purpose + operator: In + values: [core] +{{- end }} + diff --git a/charts/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml b/charts/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml index d3290208..4acaedf1 100644 --- a/charts/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml +++ b/charts/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml 
@@ -1,12 +1,12 @@
-
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "jupyterhub.user-placeholder.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-spec:
- minAvailable: 0
- selector:
- matchLabels:
- {{- include "jupyterhub.matchLabels" . | nindent 6 }}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "jupyterhub.user-placeholder.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+spec:
+ minAvailable: 0
+ selector:
+ matchLabels:
+ {{- include "jupyterhub.matchLabels" . | nindent 6 }}
diff --git a/charts/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/charts/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml
index 56ca1e02..3c36fa59 100644
--- a/charts/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml
+++ b/charts/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml
@@ -1,46 +1,46 @@ - -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "jupyterhub.user-placeholder.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - podManagementPolicy: Parallel - replicas: 0 - selector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - serviceName: {{ include "jupyterhub.user-placeholder.fullname" . }} - template: - metadata: - labels: - {{- /* Changes here will cause the Deployment to restart the pods. */}} - {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} - spec: - {{- if .Values.scheduling.userScheduler.enabled }} - schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} - {{- end }} - {{- if include "jupyterhub.userAffinity" . }} - affinity: - {{- include "jupyterhub.userAffinity" . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 0 - automountServiceAccountToken: false - - containers: - - name: pause - image: registry.k8s.io/pause:3.10 - {{- if (include "jupyterhub.singleuser.resources" .) }} - resources: - {{- include "jupyterhub.singleuser.resources" . | nindent 12 }} - {{- end }} - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "jupyterhub.user-placeholder.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + podManagementPolicy: Parallel + replicas: 0 + selector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + serviceName: {{ include "jupyterhub.user-placeholder.fullname" . }} + template: + metadata: + labels: + {{- /* Changes here will cause the Deployment to restart the pods. */}} + {{- include "jupyterhub.matchLabelsLegacyAndModern" . 
| nindent 8 }} + spec: + {{- if .Values.scheduling.userScheduler.enabled }} + schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} + {{- end }} + {{- if include "jupyterhub.userAffinity" . }} + affinity: + {{- include "jupyterhub.userAffinity" . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 0 + automountServiceAccountToken: false + + containers: + - name: pause + image: registry.k8s.io/pause:3.10 + {{- if (include "jupyterhub.singleuser.resources" .) }} + resources: + {{- include "jupyterhub.singleuser.resources" . | nindent 12 }} + {{- end }} + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody user + runAsGroup: 65534 # nobody group + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" diff --git a/charts/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/charts/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index 3581792b..0fe58115 100644 --- a/charts/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/charts/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml 
@@ -1,52 +1,52 @@ -{{- if .Values.scheduling.userScheduler.enabled -}} -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -data: - {{- /* - This is configuration of a k8s official kube-scheduler binary running in the - user-scheduler. - - ref: https://kubernetes.io/docs/reference/scheduling/config/ - ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1/ - */}} - config.yaml: | - apiVersion: kubescheduler.config.k8s.io/v1 - kind: KubeSchedulerConfiguration - leaderElection: - resourceLock: leases - resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} - resourceNamespace: "{{ .Release.Namespace }}" - profiles: - - schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} - plugins: - score: - disabled: - - name: NodeResourcesBalancedAllocation - - name: NodeAffinity - - name: InterPodAffinity - - name: NodeResourcesFit - - name: ImageLocality - enabled: - - name: NodeAffinity - weight: 14631 - - name: InterPodAffinity - weight: 1331 - - name: NodeResourcesFit - weight: 121 - - name: ImageLocality - weight: 11 - pluginConfig: - - name: NodeResourcesFit - args: - scoringStrategy: - type: MostAllocated - resources: - - name: cpu - weight: 1 - - name: memory - weight: 1 -{{- end }} +{{- if .Values.scheduling.userScheduler.enabled -}} +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +data: + {{- /* + This is configuration of a k8s official kube-scheduler binary running in the + user-scheduler. 
+
+ ref: https://kubernetes.io/docs/reference/scheduling/config/
+ ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1/
+ */}}
+ config.yaml: |
+ apiVersion: kubescheduler.config.k8s.io/v1
+ kind: KubeSchedulerConfiguration
+ leaderElection:
+ resourceLock: leases
+ resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }}
+ resourceNamespace: "{{ .Release.Namespace }}"
+ profiles:
+ - schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }}
+ plugins:
+ score:
+ disabled:
+ - name: NodeResourcesBalancedAllocation
+ - name: NodeAffinity
+ - name: InterPodAffinity
+ - name: NodeResourcesFit
+ - name: ImageLocality
+ enabled:
+ - name: NodeAffinity
+ weight: 14631
+ - name: InterPodAffinity
+ weight: 1331
+ - name: NodeResourcesFit
+ weight: 121
+ - name: ImageLocality
+ weight: 11
+ pluginConfig:
+ - name: NodeResourcesFit
+ args:
+ scoringStrategy:
+ type: MostAllocated
+ resources:
+ - name: cpu
+ weight: 1
+ - name: memory
+ weight: 1
+{{- end }}
diff --git a/charts/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/charts/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
index 5fc54549..dbfadc88 100644
--- a/charts/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
+++ b/charts/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
@@ -1,64 +1,64 @@ -{{- if .Values.scheduling.userScheduler.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.scheduling.userScheduler.replicas }} - selector: - matchLabels: - {{- include "jupyterhub.matchLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} - annotations: - checksum/config-map: {{ include (print $.Template.BasePath "/scheduling/user-scheduler/configmap.yaml") . | sha256sum }} - spec: - {{ with include "jupyterhub.user-scheduler-serviceaccount.fullname" . }} - serviceAccountName: {{ . }} - {{- end }} - {{- include "jupyterhub.coreAffinity" . | nindent 6 }} - volumes: - - name: config - configMap: - name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} - containers: - - name: kube-scheduler - image: registry.k8s.io/kube-scheduler:v1.30.11 - command: - - /usr/local/bin/kube-scheduler - # NOTE: --authentication-skip-lookup=true is used to avoid a - # seemingly harmless error, if we need to not skip - # "authentication lookup" in the future, see the linked issue. 
- # - # ref: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/1894 - - --config=/etc/user-scheduler/config.yaml - - --authentication-skip-lookup=true - - --v={{ .Values.scheduling.userScheduler.logLevel }} - volumeMounts: - - mountPath: /etc/user-scheduler - name: config - livenessProbe: - httpGet: - path: /healthz - scheme: HTTPS - port: 10259 - initialDelaySeconds: 15 - readinessProbe: - httpGet: - path: /healthz - scheme: HTTPS - port: 10259 - securityContext: - runAsNonRoot: true - runAsUser: 65534 # nobody user - runAsGroup: 65534 # nobody group - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -{{- end }} +{{- if .Values.scheduling.userScheduler.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.scheduling.userScheduler.replicas }} + selector: + matchLabels: + {{- include "jupyterhub.matchLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "jupyterhub.matchLabelsLegacyAndModern" . | nindent 8 }} + annotations: + checksum/config-map: {{ include (print $.Template.BasePath "/scheduling/user-scheduler/configmap.yaml") . | sha256sum }} + spec: + {{ with include "jupyterhub.user-scheduler-serviceaccount.fullname" . }} + serviceAccountName: {{ . }} + {{- end }} + {{- include "jupyterhub.coreAffinity" . | nindent 6 }} + volumes: + - name: config + configMap: + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} + containers: + - name: kube-scheduler + image: registry.k8s.io/kube-scheduler:v1.30.11 + command: + - /usr/local/bin/kube-scheduler + # NOTE: --authentication-skip-lookup=true is used to avoid a + # seemingly harmless error, if we need to not skip + # "authentication lookup" in the future, see the linked issue. 
+ #
+ # ref: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/1894
+ - --config=/etc/user-scheduler/config.yaml
+ - --authentication-skip-lookup=true
+ - --v={{ .Values.scheduling.userScheduler.logLevel }}
+ volumeMounts:
+ - mountPath: /etc/user-scheduler
+ name: config
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ scheme: HTTPS
+ port: 10259
+ initialDelaySeconds: 15
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ scheme: HTTPS
+ port: 10259
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534 # nobody user
+ runAsGroup: 65534 # nobody group
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+{{- end }}
diff --git a/charts/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml b/charts/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml
index 910f0787..ea00dc43 100644
--- a/charts/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml
+++ b/charts/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml
@@ -1,11 +1,11 @@
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }}
- labels:
- {{- include "jupyterhub.labels" . | nindent 4 }}
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- {{- include "jupyterhub.matchLabels" . | nindent 6 }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }}
+ labels:
+ {{- include "jupyterhub.labels" . | nindent 4 }}
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ {{- include "jupyterhub.matchLabels" . | nindent 6 }}
diff --git a/charts/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/charts/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
index 1b5269dd..2e9e3ceb 100644
--- a/charts/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
+++ b/charts/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
@@ -1,220 +1,220 @@ -{{- if .Values.scheduling.userScheduler.enabled -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "jupyterhub.user-scheduler.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -rules: - # Copied from the system:kube-scheduler ClusterRole of the k8s version - # matching the kube-scheduler binary we use. A modification has been made to - # resourceName fields to remain relevant for how we have named our resources - # in this Helm chart. - # - # NOTE: These rules have been: - # - unchanged between 1.12 and 1.15 - # - changed in 1.16 - # - changed in 1.17 - # - unchanged between 1.18 and 1.20 - # - changed in 1.21: get/list/watch permission for namespace, - # csidrivers, csistoragecapacities was added. - # - unchanged between 1.22 and 1.27 - # - changed in 1.28: permissions to get/update lock endpoint resource - # removed - # - unchanged between 1.28 and 1.30 - # - (1.31 is known to bring some changes below) - # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.30.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862 - - apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - {{ include "jupyterhub.user-scheduler-lock.fullname" . 
}} - resources: - - leases - verbs: - - get - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - delete - - get - - list - - watch - - apiGroups: - - "" - resources: - - bindings - - pods/binding - verbs: - - create - - apiGroups: - - "" - resources: - - pods/status - verbs: - - patch - - update - - apiGroups: - - "" - resources: - - replicationcontrollers - - services - verbs: - - get - - list - - watch - - apiGroups: - - apps - - extensions - resources: - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - - persistentvolumes - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - get - - list - - watch - - # Copied from the system:volume-scheduler ClusterRole of the k8s version - # matching the kube-scheduler binary we use. - # - # NOTE: These rules have not changed between 1.12 and 1.29. 
- # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1283-L1310 - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - patch - - update - - watch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "jupyterhub.user-scheduler.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ include "jupyterhub.user-scheduler-serviceaccount.fullname" . }} - namespace: "{{ .Release.Namespace }}" -roleRef: - kind: ClusterRole - name: {{ include "jupyterhub.user-scheduler.fullname" . }} - apiGroup: rbac.authorization.k8s.io -{{- end }} +{{- if .Values.scheduling.userScheduler.enabled -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "jupyterhub.user-scheduler.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +rules: + # Copied from the system:kube-scheduler ClusterRole of the k8s version + # matching the kube-scheduler binary we use. A modification has been made to + # resourceName fields to remain relevant for how we have named our resources + # in this Helm chart. + # + # NOTE: These rules have been: + # - unchanged between 1.12 and 1.15 + # - changed in 1.16 + # - changed in 1.17 + # - unchanged between 1.18 and 1.20 + # - changed in 1.21: get/list/watch permission for namespace, + # csidrivers, csistoragecapacities was added. 
+ # - unchanged between 1.22 and 1.27 + # - changed in 1.28: permissions to get/update lock endpoint resource + # removed + # - unchanged between 1.28 and 1.30 + # - (1.31 is known to bring some changes below) + # + # ref: https://github.com/kubernetes/kubernetes/blob/v1.30.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862 + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} + resources: + - leases + verbs: + - get + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - bindings + - pods/binding + verbs: + - create + - apiGroups: + - "" + resources: + - pods/status + verbs: + - patch + - update + - apiGroups: + - "" + resources: + - replicationcontrollers + - services + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + 
resources: + - csidrivers + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + + # Copied from the system:volume-scheduler ClusterRole of the k8s version + # matching the kube-scheduler binary we use. + # + # NOTE: These rules have not changed between 1.12 and 1.29. + # + # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1283-L1310 + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - patch + - update + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "jupyterhub.user-scheduler.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ include "jupyterhub.user-scheduler-serviceaccount.fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: ClusterRole + name: {{ include "jupyterhub.user-scheduler.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/jupyterhub/templates/scheduling/user-scheduler/serviceaccount.yaml b/charts/jupyterhub/templates/scheduling/user-scheduler/serviceaccount.yaml index 3891cac9..8d9b7e9d 100644 --- a/charts/jupyterhub/templates/scheduling/user-scheduler/serviceaccount.yaml +++ b/charts/jupyterhub/templates/scheduling/user-scheduler/serviceaccount.yaml 
@@ -1,6 +1,6 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "jupyterhub.user-scheduler-serviceaccount.fullname" . }}
- labels:
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jupyterhub.user-scheduler-serviceaccount.fullname" . }}
+ labels:
 {{- include "jupyterhub.labels" . | nindent 4 }}
\ No newline at end of file
diff --git a/charts/jupyterhub/templates/singleuser/netpol.yaml b/charts/jupyterhub/templates/singleuser/netpol.yaml
index 7c521723..299d457f 100644
--- a/charts/jupyterhub/templates/singleuser/netpol.yaml
+++ b/charts/jupyterhub/templates/singleuser/netpol.yaml
@@ -1,58 +1,58 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "jupyterhub.singleuser.fullname" . }} - labels: - {{- include "jupyterhub.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "singleuser-server") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 6 }} - policyTypes: - - Ingress - - Egress - ingress: - {{- with .Values.singleuser.networkPolicy.allowedIngressPorts }} - - ports: - {{- range $port := . }} - - port: {{ $port }} - {{- end }} - {{- end }} - - ports: - - port: notebook-port - from: - # source 1 - labeled pods - - podSelector: - matchLabels: - hub.jupyter.org/network-access-singleuser: "true" - {{- with .Values.singleuser.networkPolicy.ingress }} - {{- . | toYaml | nindent 4 }} - {{- end }} - egress: - # singleuser-server --> hub - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "hub") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8081 - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "proxy") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8000 - - to: - - podSelector: - matchLabels: - {{- $_ := merge (dict "componentLabel" "autohttps") . }} - {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} - ports: - - port: 8080 - - port: 8443 - {{- with (include "jupyterhub.networkPolicy.renderEgressRules" (list . .Values.singleuser.networkPolicy)) }} - {{- . | nindent 4 }} - {{- end }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "jupyterhub.singleuser.fullname" . }} + labels: + {{- include "jupyterhub.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "singleuser-server") . 
}} + {{- include "jupyterhub.matchLabels" $_ | nindent 6 }} + policyTypes: + - Ingress + - Egress + ingress: + {{- with .Values.singleuser.networkPolicy.allowedIngressPorts }} + - ports: + {{- range $port := . }} + - port: {{ $port }} + {{- end }} + {{- end }} + - ports: + - port: notebook-port + from: + # source 1 - labeled pods + - podSelector: + matchLabels: + hub.jupyter.org/network-access-singleuser: "true" + {{- with .Values.singleuser.networkPolicy.ingress }} + {{- . | toYaml | nindent 4 }} + {{- end }} + egress: + # singleuser-server --> hub + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "hub") . }} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8081 + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "proxy") . }} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8000 + - to: + - podSelector: + matchLabels: + {{- $_ := merge (dict "componentLabel" "autohttps") . }} + {{- include "jupyterhub.matchLabels" $_ | nindent 14 }} + ports: + - port: 8080 + - port: 8443 + {{- with (include "jupyterhub.networkPolicy.renderEgressRules" (list . .Values.singleuser.networkPolicy)) }} + {{- . | nindent 4 }} + {{- end }} diff --git a/charts/jupyterhub/values.schema.json b/charts/jupyterhub/values.schema.json index 7a38d664..e34c5770 100644 --- a/charts/jupyterhub/values.schema.json +++ b/charts/jupyterhub/values.schema.json 
@@ -1,175 +1,175 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "hub": { - "type": "object", - "properties": { - "config": { - "type": "object", - "properties": { - "JupyterHub": { - "type": "object", - "properties": { - "admin_access": { "type": "boolean", "enum": [true] }, - "authenticator_class": { "type": "string", "enum": ["dummy"] } - } - } - } - }, - "baseUrl": { "type": "string", "enum": ["/"] } - } - }, - "proxy": { - "type": "object", - "properties": { - "https": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [false] }, - "type": { "type": "string", "enum": ["letsencrypt"] }, - "letsencrypt": { - "type": "object", - "properties": { - "acmeServer": { "type": "string", "enum": ["https://acme-v02.api.letsencrypt.org/directory"] } - } - }, - "secret": { - "type": "object", - "properties": { - "key": { "type": "string", "enum": ["tls.key"] }, - "crt": { "type": "string", "enum": ["tls.crt"] } - } - }, - "hosts": { "type": "array", "enum": [[]] } - } - } - } - }, - "singleuser": { - "type": "object", - "properties": { - "networkTools": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "name": { "type": "string", "enum": ["quay.io/jupyterhub/k8s-network-tools"] }, - "tag": { "type": "string", "enum": ["4.1.1-0.dev.git.6949.h138f95a8"] } - } - } - } - }, - "cloudMetadata": { - "type": "object", - "properties": { - "blockWithIptables": { "type": "boolean", "enum": [true] }, - "ip": { "type": "string", "enum": ["169.254.169.254"] } - } - }, - "networkPolicy": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [true] }, - "egressAllowRules": { - "type": "object", - "properties": { - "cloudMetadataServer": { "type": "boolean", "enum": [false] }, - "dnsPortsCloudMetadataServer": { "type": "boolean", "enum": [true] }, - "dnsPortsKubeSystemNamespace": { "type": "boolean", "enum": [true] }, - 
"dnsPortsPrivateIPs": { "type": "boolean", "enum": [true] }, - "nonPrivateIPs": { "type": "boolean", "enum": [true] }, - "privateIPs": { "type": "boolean", "enum": [false] } - } - }, - "interNamespaceAccessLabels": { "type": "string", "enum": ["ignore"] } - } - }, - "events": { "type": "boolean", "enum": [true] }, - "extraLabels": { - "type": "object", - "properties": { - "hub.jupyter.org/network-access-hub": { "type": "string", "enum": ["true"] } - } - }, - "allowPrivilegeEscalation": { "type": "boolean", "enum": [false] }, - "uid": { "type": "integer", "enum": [1000] }, - "fsGid": { "type": "integer", "enum": [100] }, - "storage": { - "type": "object", - "properties": { - "type": { "type": "string", "enum": ["dynamic"] }, - "static": { - "type": "object", - "properties": { - "subPath": { "type": "string", "enum": ["{username}"] } - } - }, - "capacity": { "type": "string", "enum": ["10Gi"] }, - "homeMountPath": { "type": "string", "enum": ["/home/jovyan"] }, - "dynamic": { - "type": "object", - "properties": { - "volumeNameTemplate": { "type": "string", "enum": ["volume-{user_server}"] }, - "storageAccessModes": { "type": "array", "items": { "type": "string", "enum": ["ReadWriteOnce"] } } - } - } - } - }, - "image": { - "type": "object", - "properties": { - "name": { "type": "string", "enum": ["quay.io/jupyterhub/k8s-singleuser-sample"] }, - "tag": { "type": "string", "enum": ["4.1.1-0.dev.git.6957.h0e735928"] } - } - }, - "cmd": { "type": "string", "enum": ["jupyterhub-singleuser"] } - } - }, - "scheduling": { - "type": "object", - "properties": { - "userScheduler": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [true] }, - "replicas": { "type": "integer", "enum": [2] }, - "logLevel": { "type": "integer", "enum": [4] } - } - } - } - }, - "prePuller": { - "type": "object", - "properties": { - "hook": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [true] }, - "pullOnlyOnChanges": { "type": 
"boolean", "enum": [true] } - } - }, - "continuous": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [true] } - } - } - } - }, - "cull": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [true] }, - "users": { "type": "boolean", "enum": [false] }, - "adminUsers": { "type": "boolean", "enum": [true] }, - "removeNamedServers": { "type": "boolean", "enum": [false] }, - "timeout": { "type": "integer", "enum": [3600] }, - "every": { "type": "integer", "enum": [600] }, - "concurrency": { "type": "integer", "enum": [10] }, - "maxAge": { "type": "integer", "enum": [0] } - } - } - } -} +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "hub": { + "type": "object", + "properties": { + "config": { + "type": "object", + "properties": { + "JupyterHub": { + "type": "object", + "properties": { + "admin_access": { "type": "boolean", "enum": [true] }, + "authenticator_class": { "type": "string", "enum": ["dummy"] } + } + } + } + }, + "baseUrl": { "type": "string", "enum": ["/"] } + } + }, + "proxy": { + "type": "object", + "properties": { + "https": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [false] }, + "type": { "type": "string", "enum": ["letsencrypt"] }, + "letsencrypt": { + "type": "object", + "properties": { + "acmeServer": { "type": "string", "enum": ["https://acme-v02.api.letsencrypt.org/directory"] } + } + }, + "secret": { + "type": "object", + "properties": { + "key": { "type": "string", "enum": ["tls.key"] }, + "crt": { "type": "string", "enum": ["tls.crt"] } + } + }, + "hosts": { "type": "array", "enum": [[]] } + } + } + } + }, + "singleuser": { + "type": "object", + "properties": { + "networkTools": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "name": { "type": "string", "enum": ["quay.io/jupyterhub/k8s-network-tools"] }, + "tag": { "type": "string", "enum": 
["4.1.1-0.dev.git.6949.h138f95a8"] } + } + } + } + }, + "cloudMetadata": { + "type": "object", + "properties": { + "blockWithIptables": { "type": "boolean", "enum": [true] }, + "ip": { "type": "string", "enum": ["169.254.169.254"] } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [true] }, + "egressAllowRules": { + "type": "object", + "properties": { + "cloudMetadataServer": { "type": "boolean", "enum": [false] }, + "dnsPortsCloudMetadataServer": { "type": "boolean", "enum": [true] }, + "dnsPortsKubeSystemNamespace": { "type": "boolean", "enum": [true] }, + "dnsPortsPrivateIPs": { "type": "boolean", "enum": [true] }, + "nonPrivateIPs": { "type": "boolean", "enum": [true] }, + "privateIPs": { "type": "boolean", "enum": [false] } + } + }, + "interNamespaceAccessLabels": { "type": "string", "enum": ["ignore"] } + } + }, + "events": { "type": "boolean", "enum": [true] }, + "extraLabels": { + "type": "object", + "properties": { + "hub.jupyter.org/network-access-hub": { "type": "string", "enum": ["true"] } + } + }, + "allowPrivilegeEscalation": { "type": "boolean", "enum": [false] }, + "uid": { "type": "integer", "enum": [1000] }, + "fsGid": { "type": "integer", "enum": [100] }, + "storage": { + "type": "object", + "properties": { + "type": { "type": "string", "enum": ["dynamic"] }, + "static": { + "type": "object", + "properties": { + "subPath": { "type": "string", "enum": ["{username}"] } + } + }, + "capacity": { "type": "string", "enum": ["10Gi"] }, + "homeMountPath": { "type": "string", "enum": ["/home/jovyan"] }, + "dynamic": { + "type": "object", + "properties": { + "volumeNameTemplate": { "type": "string", "enum": ["volume-{user_server}"] }, + "storageAccessModes": { "type": "array", "items": { "type": "string", "enum": ["ReadWriteOnce"] } } + } + } + } + }, + "image": { + "type": "object", + "properties": { + "name": { "type": "string", "enum": ["quay.io/jupyterhub/k8s-singleuser-sample"] }, + "tag": { 
"type": "string", "enum": ["4.1.1-0.dev.git.6957.h0e735928"] } + } + }, + "cmd": { "type": "string", "enum": ["jupyterhub-singleuser"] } + } + }, + "scheduling": { + "type": "object", + "properties": { + "userScheduler": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [true] }, + "replicas": { "type": "integer", "enum": [2] }, + "logLevel": { "type": "integer", "enum": [4] } + } + } + } + }, + "prePuller": { + "type": "object", + "properties": { + "hook": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [true] }, + "pullOnlyOnChanges": { "type": "boolean", "enum": [true] } + } + }, + "continuous": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [true] } + } + } + } + }, + "cull": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [true] }, + "users": { "type": "boolean", "enum": [false] }, + "adminUsers": { "type": "boolean", "enum": [true] }, + "removeNamedServers": { "type": "boolean", "enum": [false] }, + "timeout": { "type": "integer", "enum": [3600] }, + "every": { "type": "integer", "enum": [600] }, + "concurrency": { "type": "integer", "enum": [10] }, + "maxAge": { "type": "integer", "enum": [0] } + } + } + } +} diff --git a/charts/jupyterhub/values.yaml b/charts/jupyterhub/values.yaml index 652414b2..976c4d4a 100644 --- a/charts/jupyterhub/values.yaml +++ b/charts/jupyterhub/values.yaml 
@@ -1,92 +1,92 @@
-hub:
- config:
- JupyterHub:
- admin_access: true
- authenticator_class: dummy
- baseUrl: /
-
-proxy:
- https:
- enabled: false
- type: letsencrypt
- letsencrypt:
- contactEmail:
- acmeServer: https://acme-v02.api.letsencrypt.org/directory
- secret:
- name:
- key: tls.key
- crt: tls.crt
- hosts: []
-
-singleuser:
- networkTools:
- image:
- name: quay.io/jupyterhub/k8s-network-tools
- tag: "4.1.1-0.dev.git.6949.h138f95a8"
-
- cloudMetadata:
- blockWithIptables: true
- ip: 169.254.169.254
- networkPolicy:
- enabled: true
- egressAllowRules:
- cloudMetadataServer: false
- dnsPortsCloudMetadataServer: true
- dnsPortsKubeSystemNamespace: true
- dnsPortsPrivateIPs: true
- nonPrivateIPs: true
- privateIPs: false
- interNamespaceAccessLabels: ignore
- events: true
- extraLabels:
- hub.jupyter.org/network-access-hub: "true"
- allowPrivilegeEscalation: false
- uid: 1000
- fsGid: 100
- storage:
- type: dynamic
- static:
- pvcName:
- subPath: "{username}"
- capacity: 10Gi
- homeMountPath: /home/jovyan
- dynamic:
- storageClass:
- pvcNameTemplate:
- volumeNameTemplate: volume-{user_server}
- storageAccessModes: [ReadWriteOnce]
-
- image:
- name: quay.io/jupyterhub/k8s-singleuser-sample
- tag: "4.1.1-0.dev.git.6957.h0e735928"
- cmd: jupyterhub-singleuser
-
-scheduling:
- userScheduler:
- enabled: true
- replicas: 2
- logLevel: 4
-
-prePuller:
- hook:
- enabled: true
- pullOnlyOnChanges: true
-
- continuous:
- enabled: true
-
-service:
- nginx:
- host:
- tlsHost:
- tlsSecretName:
-
-cull:
- enabled: true
- users: false
- adminUsers: true
- removeNamedServers: false
- timeout: 3600
- every: 600
- concurrency: 10
- maxAge: 0
+hub:
+ config:
+ JupyterHub:
+ admin_access: true
+ authenticator_class: dummy
+ baseUrl: /
+
+proxy:
+ https:
+ enabled: false
+ type: letsencrypt
+ letsencrypt:
+ contactEmail:
+ acmeServer: https://acme-v02.api.letsencrypt.org/directory
+ secret:
+ name:
+ key: tls.key
+ crt: tls.crt
+ hosts: []
+
+singleuser:
+ networkTools:
+ image:
+ name: quay.io/jupyterhub/k8s-network-tools
+ tag: "4.1.1-0.dev.git.6949.h138f95a8"
+
+ cloudMetadata:
+ blockWithIptables: true
+ ip: 169.254.169.254
+ networkPolicy:
+ enabled: true
+ egressAllowRules:
+ cloudMetadataServer: false
+ dnsPortsCloudMetadataServer: true
+ dnsPortsKubeSystemNamespace: true
+ dnsPortsPrivateIPs: true
+ nonPrivateIPs: true
+ privateIPs: false
+ interNamespaceAccessLabels: ignore
+ events: true
+ extraLabels:
+ hub.jupyter.org/network-access-hub: "true"
+ allowPrivilegeEscalation: false
+ uid: 1000
+ fsGid: 100
+ storage:
+ type: dynamic
+ static:
+ pvcName:
+ subPath: "{username}"
+ capacity: 10Gi
+ homeMountPath: /home/jovyan
+ dynamic:
+ storageClass:
+ pvcNameTemplate:
+ volumeNameTemplate: volume-{user_server}
+ storageAccessModes: [ReadWriteOnce]
+
+ image:
+ name: quay.io/jupyterhub/k8s-singleuser-sample
+ tag: "4.1.1-0.dev.git.6957.h0e735928"
+ cmd: jupyterhub-singleuser
+
+scheduling:
+ userScheduler:
+ enabled: true
+ replicas: 2
+ logLevel: 4
+
+prePuller:
+ hook:
+ enabled: true
+ pullOnlyOnChanges: true
+
+ continuous:
+ enabled: true
+
+service:
+ nginx:
+ host:
+ tlsHost:
+ tlsSecretName:
+
+cull:
+ enabled: true
+ users: false
+ adminUsers: true
+ removeNamedServers: false
+ timeout: 3600
+ every: 600
+ concurrency: 10
+ maxAge: 0
diff --git a/charts/kafka/Chart.lock b/charts/kafka/Chart.lock
index aa043a8f..7bf3830d 100644
--- a/charts/kafka/Chart.lock
+++ b/charts/kafka/Chart.lock
@@ -1,6 +1,6 @@
-dependencies:
-- name: zookeeper
- repository: https://helm.zop.dev
- version: v0.0.1
-digest: sha256:86f04cd4de283e8af1361a389aeb45371355a4f99d4ac29c4fb00e6d7371b8f4
-generated: "2025-04-03T11:11:33.995026+05:30"
+dependencies:
+- name: zookeeper
+ repository: https://helm.zop.dev
+ version: v0.0.1
+digest: sha256:86f04cd4de283e8af1361a389aeb45371355a4f99d4ac29c4fb00e6d7371b8f4
+generated: "2025-04-03T11:11:33.995026+05:30"
diff --git a/charts/kafka/Chart.yaml b/charts/kafka/Chart.yaml
index 8161b813..62567614 100644
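Review bot: The defaults under `hub.config.JupyterHub` pair `authenticator_class: dummy` with `admin_access: true`, so a release installed with these values as-is has no real authentication in front of user servers. JupyterHub's dummy authenticator is meant for testing and, unless a shared password is configured, accepts any username and password. I would not ship it as the chart default: require operators to choose an authenticator, add the comment `# testing only: override authenticator_class before exposing the hub` above the key, and default to `admin_access: false`. `proxy.https.enabled: false` in the same hunk means logins also travel unencrypted unless TLS is terminated elsewhere; the `service.nginx.tlsHost` keys suggest an ingress may do that, but this hunk does not show it.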
--- a/charts/kafka/Chart.yaml +++ b/charts/kafka/Chart.yaml @@ -1,17 +1,17 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart deploys kafka -name: kafka -version: 0.0.4 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png" -maintainers: - - name: ZopDev - url: zop.dev -dependencies: -- alias: zookeeper - condition: zookeeper.enabled - name: zookeeper - repository: "https://helm.zop.dev" - version: 0.0.1 -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart deploys kafka +name: kafka +version: 0.0.4 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png" +maintainers: + - name: ZopDev + url: zop.dev +dependencies: +- alias: zookeeper + condition: zookeeper.enabled + name: zookeeper + repository: "https://helm.zop.dev" + version: 0.0.1 +annotations: type: datasource \ No newline at end of file diff --git a/charts/kafka/README.md b/charts/kafka/README.md index 63711503..d5e7b854 100644 --- a/charts/kafka/README.md +++ b/charts/kafka/README.md 
@@ -1,217 +1,217 @@ -# Kafka Helm Chart - -The Kafka Helm chart provides an easy way to deploy Apache Kafka, a distributed event streaming platform. This chart allows you to manage Kafka instances on Kubernetes with customizable resource allocation, persistence, and scaling options. It includes built-in monitoring with Kafka Exporter and Prometheus alerts. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ -- Prometheus Operator (for monitoring and alerts) - ---- - -## Dependencies - -Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: - -```bash -helm dependency build -``` - -This command will: -1. Read the dependencies from `Chart.yaml` -2. Download the required charts (ZooKeeper) from the specified repositories -3. Store them in the `charts/` directory -4. Create or update the `Chart.lock` file with the exact versions - -If you encounter any issues with the dependencies, you can try: -```bash -helm dependency update # Updates dependencies to the latest versions -``` - -This chart requires the following dependencies to be installed: - -### ZooKeeper -- **Chart**: `zookeeper` -- **Version**: `0.0.1` -- **Repository**: `https://helm.zop.dev` -- **Condition**: `zookeeper.enabled` -- **Purpose**: Provides distributed coordination and configuration management for Kafka - -To install this dependency automatically, ensure the following in your `values.yaml`: - -```yaml -zookeeper: - enabled: true - # Additional ZooKeeper configuration... -``` - -The dependency will be automatically installed when you deploy the Kafka chart. You can customize its configuration through the respective section in your `values.yaml` file. 
- ---- - -## Add Helm Repository - -Before deploying the Kafka chart, add the Helm repository to your local setup: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To install the Kafka Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/kafka -``` - -Replace `[RELEASE_NAME]` with your desired release name. For example: - -```bash -helm install my-kafka zopdev/kafka -``` - -To customize configurations, provide a `values.yaml` file or override values via the command line. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. - ---- - -## Uninstall Helm Chart - -To remove the Kafka deployment and all associated Kubernetes resources, use the following command: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-kafka -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. - ---- - -## Configuration - -The Kafka Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|-----------------------------|----------|------------------------------------------------------------|----------------| -| `image` | `string` | Image and tag for the Kafka container. | `danielqsj/kafka-exporter:v1.9.0` | -| `zookeeper.enabled` | `boolean`| Whether to deploy ZooKeeper as part of the chart. | `true` | -| `zookeeper.url` | `string` | URL of external ZooKeeper if not deploying with the chart. | `""` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the Kafka container. | `"500Mi"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Kafka container. 
| `"500m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the Kafka container can use. | `"1500Mi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the Kafka container can use. | `"1000m"` | -| `diskSize` | `string` | Size of the persistent volume for storing Kafka data. | `"10Gi"` | - -### Default Kafka Configuration - -The chart includes several pre-configured Kafka settings: - -- Replication Factor: 3 -- Number of Partitions: 3 -- Min In-Sync Replicas: 2 -- Log Retention: 168 hours (7 days) -- Log Segment Size: 1GB -- Message Max Bytes: ~1MB -- Auto Create Topics: Disabled -- Delete Topic: Enabled - ---- - -### Example `values.yaml` File - -```yaml -version: "7.8.0" - -zookeeper: - enabled: true - url: "" # Only needed if zookeeper.enabled is false - -resources: - requests: - cpu: "500m" - memory: "500Mi" - limits: - cpu: "1000m" - memory: "1500Mi" - -diskSize: 10Gi -``` - -To use this configuration, save it to a `values.yaml` file and apply it during installation: - -```bash -helm install my-kafka zopdev/kafka -f values.yaml -``` - ---- - -## Features - -- **High Availability:** Deploy a 3-node Kafka cluster with proper replication and fault tolerance. -- **Built-in Monitoring:** Includes Kafka Exporter for Prometheus metrics collection. -- **Comprehensive Alerts:** Pre-configured Prometheus alerts. 
-- **Security:** - - Read-only root filesystem - - Non-root user execution - - Dropped capabilities - - Configurable security protocols -- **Resource Management:** - - Configurable CPU and memory limits - - Persistent volume storage - - JVM heap optimization -- **Networking:** - - Internal and external listeners - - Headless service for pod discovery - - Service monitor for Prometheus integration -- **Operational Features:** - - Rolling updates with configurable strategy - - Pod disruption budget - - Parallel pod management - - Configurable pod affinity - ---- - -## Monitoring - -The chart includes a Kafka Exporter container that exposes metrics on port 2121. These metrics are automatically collected by Prometheus when using the Prometheus Operator. - -Key metrics include: -- Broker status -- Topic and partition information -- Consumer group lag -- Replication status -- JVM metrics - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Kafka Helm Chart + +The Kafka Helm chart provides an easy way to deploy Apache Kafka, a distributed event streaming platform. This chart allows you to manage Kafka instances on Kubernetes with customizable resource allocation, persistence, and scaling options. It includes built-in monitoring with Kafka Exporter and Prometheus alerts. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ +- Prometheus Operator (for monitoring and alerts) + +--- + +## Dependencies + +Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: + +```bash +helm dependency build +``` + +This command will: +1. Read the dependencies from `Chart.yaml` +2. 
Download the required charts (ZooKeeper) from the specified repositories +3. Store them in the `charts/` directory +4. Create or update the `Chart.lock` file with the exact versions + +If you encounter any issues with the dependencies, you can try: +```bash +helm dependency update # Updates dependencies to the latest versions +``` + +This chart requires the following dependencies to be installed: + +### ZooKeeper +- **Chart**: `zookeeper` +- **Version**: `0.0.1` +- **Repository**: `https://helm.zop.dev` +- **Condition**: `zookeeper.enabled` +- **Purpose**: Provides distributed coordination and configuration management for Kafka + +To install this dependency automatically, ensure the following in your `values.yaml`: + +```yaml +zookeeper: + enabled: true + # Additional ZooKeeper configuration... +``` + +The dependency will be automatically installed when you deploy the Kafka chart. You can customize its configuration through the respective section in your `values.yaml` file. + +--- + +## Add Helm Repository + +Before deploying the Kafka chart, add the Helm repository to your local setup: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To install the Kafka Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/kafka +``` + +Replace `[RELEASE_NAME]` with your desired release name. For example: + +```bash +helm install my-kafka zopdev/kafka +``` + +To customize configurations, provide a `values.yaml` file or override values via the command line. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more information. 
+ +--- + +## Uninstall Helm Chart + +To remove the Kafka deployment and all associated Kubernetes resources, use the following command: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-kafka +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. + +--- + +## Configuration + +The Kafka Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|-----------------------------|----------|------------------------------------------------------------|----------------| +| `image` | `string` | Image and tag for the Kafka container. | `danielqsj/kafka-exporter:v1.9.0` | +| `zookeeper.enabled` | `boolean`| Whether to deploy ZooKeeper as part of the chart. | `true` | +| `zookeeper.url` | `string` | URL of external ZooKeeper if not deploying with the chart. | `""` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the Kafka container. | `"500Mi"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Kafka container. | `"500m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the Kafka container can use. | `"1500Mi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the Kafka container can use. | `"1000m"` | +| `diskSize` | `string` | Size of the persistent volume for storing Kafka data. 
| `"10Gi"` | + +### Default Kafka Configuration + +The chart includes several pre-configured Kafka settings: + +- Replication Factor: 3 +- Number of Partitions: 3 +- Min In-Sync Replicas: 2 +- Log Retention: 168 hours (7 days) +- Log Segment Size: 1GB +- Message Max Bytes: ~1MB +- Auto Create Topics: Disabled +- Delete Topic: Enabled + +--- + +### Example `values.yaml` File + +```yaml +version: "7.8.0" + +zookeeper: + enabled: true + url: "" # Only needed if zookeeper.enabled is false + +resources: + requests: + cpu: "500m" + memory: "500Mi" + limits: + cpu: "1000m" + memory: "1500Mi" + +diskSize: 10Gi +``` + +To use this configuration, save it to a `values.yaml` file and apply it during installation: + +```bash +helm install my-kafka zopdev/kafka -f values.yaml +``` + +--- + +## Features + +- **High Availability:** Deploy a 3-node Kafka cluster with proper replication and fault tolerance. +- **Built-in Monitoring:** Includes Kafka Exporter for Prometheus metrics collection. +- **Comprehensive Alerts:** Pre-configured Prometheus alerts. +- **Security:** + - Read-only root filesystem + - Non-root user execution + - Dropped capabilities + - Configurable security protocols +- **Resource Management:** + - Configurable CPU and memory limits + - Persistent volume storage + - JVM heap optimization +- **Networking:** + - Internal and external listeners + - Headless service for pod discovery + - Service monitor for Prometheus integration +- **Operational Features:** + - Rolling updates with configurable strategy + - Pod disruption budget + - Parallel pod management + - Configurable pod affinity + +--- + +## Monitoring + +The chart includes a Kafka Exporter container that exposes metrics on port 2121. These metrics are automatically collected by Prometheus when using the Prometheus Operator. 
+ +Key metrics include: +- Broker status +- Topic and partition information +- Consumer group lag +- Replication status +- JVM metrics + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/kafka/templates/_helpers.tpl b/charts/kafka/templates/_helpers.tpl index 3b3a699c..205c1daa 100644 --- a/charts/kafka/templates/_helpers.tpl +++ b/charts/kafka/templates/_helpers.tpl 
@@ -1,50 +1,50 @@
-{{- define "kafka.name" -}}
-{{- default .Chart.Name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{- define "kafka.fullname" -}}
-{{- printf "%s-kafka" .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{- define "kafka.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{- define "kafka.labels" -}}
-helm.sh/chart: {{ include "kafka.chart" . }}
-{{ include "kafka.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{- define "kafka.selectorLabels" -}}
-app: {{ .Release.Name }}-{{ include "kafka.name" . }}
-app.kubernetes.io/name: {{ include "kafka.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{- define "kafka.listener" -}}
-{{- $namespace := .Release.Namespace }}
-{{- printf "${POD_NAME}.%s-headless.%s.svc.cluster.local" (include "kafka.fullname" .) $namespace | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "kafka.bootstrap.server" -}}
-{{- $namespace := .Release.Namespace }}
-{{- printf "%s-headless" (include "kafka.fullname" .) | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "kafka.zookeeper.fullname" -}}
-{{- $name := default "zookeeper" (index .Values "zookeeper" "nameOverride") -}}
-{{- printf "%s-%s-headless" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "kafka.zookeeper.ensemble" }}
-{{- if (index .Values "zookeeper" "enabled") -}}
-{{- $clientPort := default 2181 (index .Values "zookeeper" "port" "client") | int -}}
-{{- printf "%s:%d" (include "kafka.zookeeper.fullname" .) $clientPort }}
-{{- else -}}
-{{- printf "%s" (index .Values "zookeeper" "url") }}
-{{- end -}}
-{{- end -}}
+{{- define "kafka.name" -}}
+{{- default .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "kafka.fullname" -}}
+{{- printf "%s-kafka" .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "kafka.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "kafka.labels" -}}
+helm.sh/chart: {{ include "kafka.chart" . }}
+{{ include "kafka.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{- define "kafka.selectorLabels" -}}
+app: {{ .Release.Name }}-{{ include "kafka.name" . }}
+app.kubernetes.io/name: {{ include "kafka.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "kafka.listener" -}}
+{{- $namespace := .Release.Namespace }}
+{{- printf "${POD_NAME}.%s-headless.%s.svc.cluster.local" (include "kafka.fullname" .) $namespace | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "kafka.bootstrap.server" -}}
+{{- $namespace := .Release.Namespace }}
+{{- printf "%s-headless" (include "kafka.fullname" .) | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "kafka.zookeeper.fullname" -}}
+{{- $name := default "zookeeper" (index .Values "zookeeper" "nameOverride") -}}
+{{- printf "%s-%s-headless" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "kafka.zookeeper.ensemble" }}
+{{- if (index .Values "zookeeper" "enabled") -}}
+{{- $clientPort := default 2181 (index .Values "zookeeper" "port" "client") | int -}}
+{{- printf "%s:%d" (include "kafka.zookeeper.fullname" .) $clientPort }}
+{{- else -}}
+{{- printf "%s" (index .Values "zookeeper" "url") }}
+{{- end -}}
+{{- end -}}
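Review bot: In `kafka.zookeeper.ensemble`, the `else` branch renders `zookeeper.url` as-is, so with `zookeeper.enabled: false` and the url empty or unset the helper yields an unusable connect string and the chart still renders without error. Failing at render time is safer: `{{- required "zookeeper.url must be set when zookeeper.enabled is false" (index .Values "zookeeper" "url") }}`. Separately, `kafka.bootstrap.server` assigns `$namespace` and never uses it. The `app` label in `kafka.selectorLabels` joins the release name and chart name without the `trunc 63` that the other helpers apply, so a long release name could exceed the Kubernetes label-value limit.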
diff --git a/charts/kafka/templates/alerts.yaml b/charts/kafka/templates/alerts.yaml index bd8e8374..78a55f31 100644 --- a/charts/kafka/templates/alerts.yaml +++ b/charts/kafka/templates/alerts.yaml 
@@ -1,121 +1,121 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Release.Name }}-kafka.rules - rules: - - alert: KafkaDown - expr: kafka_exporter_build_info{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} == 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka cluster {{ .Release.Name }} is down' - description: 'Kafka exporter for {{ .Release.Name }} is not reporting metrics' - - - alert: KafkaBrokerDown - expr: sum(kafka_brokers{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) < 3 - for: 1m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka broker(s) in {{ .Release.Name }} are down' - description: 'One or more Kafka brokers in the {{ .Release.Name }} cluster are down' - - - alert: KafkaUnderReplicatedPartitions - expr: sum(kafka_topic_partition_under_replicated_partition{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) > 0 - for: 5m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka cluster {{ .Release.Name }} has under-replicated partitions' - description: 'Kafka cluster {{ .Release.Name }} has under-replicated partitions' - - - alert: KafkaOfflinePartitions - expr: sum(kafka_topic_partition_leader{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} < 0) > 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - 
annotations: - summary: 'Kafka cluster {{ .Release.Name }} has offline partitions' - description: 'Kafka cluster {{ .Release.Name }} has offline partitions' - - - alert: KafkaConsumerGroupLag - expr: sum by (consumergroup, topic) (kafka_topic_partition_current_offset{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} - on(topic, partition) group_right(consumergroup) kafka_consumergroup_current_offset{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) > 10000 - for: 10m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka consumer group lag is high for {{ .Release.Name }}' - description: 'Kafka consumer group for {{ .Release.Name }} is experiencing high lag' - - - alert: KafkaPreferredReplicaImbalance - expr: sum(kafka_topic_partition_leader_is_preferred{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} == 0) > 0 - for: 15m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka cluster {{ .Release.Name }} has leader imbalance' - description: 'Kafka cluster {{ .Release.Name }} has partitions not on their preferred replica' - - - alert: KafkaInSyncReplicasLow - expr: min by (topic, partition) (kafka_topic_partition_in_sync_replica{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) < kafka_topic_partition_replicas{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} - for: 5m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka topics in {{ .Release.Name }} have fewer in-sync replicas than configured' - description: 'One or more topics in {{ .Release.Name }} have fewer in-sync replicas than configured' - - - alert: 
KafkaConsumerGroupMembersZero - expr: sum by (consumergroup) (kafka_consumergroup_members{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) == 0 - for: 5m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka consumer group has no active members in {{ .Release.Name }}' - description: 'One or more consumer groups in {{ .Release.Name }} have no active members' - - - alert: KafkaRestarted - expr: (time() - process_start_time_seconds{job=~".*kafka.*", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) < 300 - for: 0m - labels: - severity: info - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Kafka broker in {{ .Release.Name }} restarted' +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus +spec: + groups: + - name: {{ .Release.Namespace }}.{{ .Release.Name }}-kafka.rules + rules: + - alert: KafkaDown + expr: kafka_exporter_build_info{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} == 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka cluster {{ .Release.Name }} is down' + description: 'Kafka exporter for {{ .Release.Name }} is not reporting metrics' + + - alert: KafkaBrokerDown + expr: sum(kafka_brokers{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) < 3 + for: 1m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka broker(s) in {{ .Release.Name }} are down' + description: 'One or more 
Kafka brokers in the {{ .Release.Name }} cluster are down' + + - alert: KafkaUnderReplicatedPartitions + expr: sum(kafka_topic_partition_under_replicated_partition{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) > 0 + for: 5m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka cluster {{ .Release.Name }} has under-replicated partitions' + description: 'Kafka cluster {{ .Release.Name }} has under-replicated partitions' + + - alert: KafkaOfflinePartitions + expr: sum(kafka_topic_partition_leader{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} < 0) > 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka cluster {{ .Release.Name }} has offline partitions' + description: 'Kafka cluster {{ .Release.Name }} has offline partitions' + + - alert: KafkaConsumerGroupLag + expr: sum by (consumergroup, topic) (kafka_topic_partition_current_offset{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} - on(topic, partition) group_right(consumergroup) kafka_consumergroup_current_offset{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) > 10000 + for: 10m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka consumer group lag is high for {{ .Release.Name }}' + description: 'Kafka consumer group for {{ .Release.Name }} is experiencing high lag' + + - alert: KafkaPreferredReplicaImbalance + expr: sum(kafka_topic_partition_leader_is_preferred{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} == 0) > 0 + for: 15m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name 
}} + annotations: + summary: 'Kafka cluster {{ .Release.Name }} has leader imbalance' + description: 'Kafka cluster {{ .Release.Name }} has partitions not on their preferred replica' + + - alert: KafkaInSyncReplicasLow + expr: min by (topic, partition) (kafka_topic_partition_in_sync_replica{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) < kafka_topic_partition_replicas{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"} + for: 5m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka topics in {{ .Release.Name }} have fewer in-sync replicas than configured' + description: 'One or more topics in {{ .Release.Name }} have fewer in-sync replicas than configured' + + - alert: KafkaConsumerGroupMembersZero + expr: sum by (consumergroup) (kafka_consumergroup_members{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) == 0 + for: 5m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka consumer group has no active members in {{ .Release.Name }}' + description: 'One or more consumer groups in {{ .Release.Name }} have no active members' + + - alert: KafkaRestarted + expr: (time() - process_start_time_seconds{job=~".*kafka.*", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"}) < 300 + for: 0m + labels: + severity: info + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Kafka broker in {{ .Release.Name }} restarted' description: 'Kafka broker in {{ .Release.Name }} restarted less than 5 minutes ago' \ No newline at end of file diff --git a/charts/kafka/templates/configmap.yaml b/charts/kafka/templates/configmap.yaml index e93da1c1..9e3959ab 100644 --- a/charts/kafka/templates/configmap.yaml 
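Review bot: The `KafkaDown` rule compares `kafka_exporter_build_info{...} == 0`, but a build-info series is normally a constant 1 while the exporter runs and simply disappears when it stops. The expression would therefore likely never fire in the case its own description names ("is not reporting metrics"). An absence check matches the intent: `expr: absent(kafka_exporter_build_info{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-kafka-.*"})`. Two smaller points in the same hunk: `KafkaBrokerDown` hard-codes `< 3`, which only holds while the StatefulSet keeps three replicas, and `service: {{ .Values.name }}` is unquoted, so an unset value renders as an empty label where `{{ .Values.name | quote }}` would keep it a string.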
+++ b/charts/kafka/templates/configmap.yaml @@ -1,8 +1,8 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "kafka.fullname" . }}-configmap - namespace: {{ .Release.Namespace }} -data: - BOOTSTRAP_SERVER: {{ include "kafka.bootstrap.server" . }}:9092 - +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kafka.fullname" . }}-configmap + namespace: {{ .Release.Namespace }} +data: + BOOTSTRAP_SERVER: {{ include "kafka.bootstrap.server" . }}:9092 + diff --git a/charts/kafka/templates/headless-service.yaml b/charts/kafka/templates/headless-service.yaml index eb7798af..2f893833 100644 --- a/charts/kafka/templates/headless-service.yaml +++ b/charts/kafka/templates/headless-service.yaml @@ -1,26 +1,26 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kafka.fullname" . }}-headless - labels: - {{- include "kafka.labels" . | nindent 4 }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: tcp-kafka-int - port: 9092 - protocol: TCP - targetPort: tcp-kafka-int - - name: tcp-kafka-ext - port: 9093 - protocol: TCP - targetPort: tcp-kafka-ext - - name: metrics - port: 2121 - protocol: TCP - targetPort: metrics - selector: - {{- include "kafka.selectorLabels" . | nindent 4 }} - +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kafka.fullname" . }}-headless + labels: + {{- include "kafka.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: tcp-kafka-int + port: 9092 + protocol: TCP + targetPort: tcp-kafka-int + - name: tcp-kafka-ext + port: 9093 + protocol: TCP + targetPort: tcp-kafka-ext + - name: metrics + port: 2121 + protocol: TCP + targetPort: metrics + selector: + {{- include "kafka.selectorLabels" . | nindent 4 }} + diff --git a/charts/kafka/templates/poddisruptionbudget.yaml b/charts/kafka/templates/poddisruptionbudget.yaml index 4af1c899..0c6095a9 100644 --- a/charts/kafka/templates/poddisruptionbudget.yaml 
+++ b/charts/kafka/templates/poddisruptionbudget.yaml @@ -1,11 +1,11 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "kafka.fullname" . }}-pdb - labels: - {{- include "kafka.labels" . | nindent 4 }} -spec: - maxUnavailable: {{ .Values.maxUnavailable }} - selector: - matchLabels: - {{- include "kafka.selectorLabels" . | nindent 6 }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "kafka.fullname" . }}-pdb + labels: + {{- include "kafka.labels" . | nindent 4 }} +spec: + maxUnavailable: {{ .Values.maxUnavailable }} + selector: + matchLabels: + {{- include "kafka.selectorLabels" . | nindent 6 }} diff --git a/charts/kafka/templates/serviceMonitor.yaml b/charts/kafka/templates/serviceMonitor.yaml index 2a330683..e49bd37d 100644 --- a/charts/kafka/templates/serviceMonitor.yaml +++ b/charts/kafka/templates/serviceMonitor.yaml @@ -1,15 +1,15 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "kafka.fullname" . }} - labels: - {{- include "kafka.labels" . | nindent 4 }} - release: prometheus -spec: - selector: - matchLabels: - {{- include "kafka.selectorLabels" . | nindent 6 }} - endpoints: - - port: metrics - interval: 30s +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "kafka.fullname" . }} + labels: + {{- include "kafka.labels" . | nindent 4 }} + release: prometheus +spec: + selector: + matchLabels: + {{- include "kafka.selectorLabels" . | nindent 6 }} + endpoints: + - port: metrics + interval: 30s path: /metrics \ No newline at end of file diff --git a/charts/kafka/templates/statefulset.yaml b/charts/kafka/templates/statefulset.yaml index e78eecbc..790793e5 100644 --- a/charts/kafka/templates/statefulset.yaml +++ b/charts/kafka/templates/statefulset.yaml 
@@ -1,188 +1,188 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "kafka.fullname" . }} - labels: - {{- include "kafka.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "kafka.selectorLabels" . | nindent 6 }} - serviceName: {{ include "kafka.fullname" . }}-headless - replicas: 3 - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "kafka.selectorLabels" . | nindent 8 }} - spec: - securityContext: - fsGroup: 1000 - affinity: - {{- if .Values.affinity }} - {{ toYaml .Values.affinity | indent 8 }} - {{- else }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ include "kafka.name" . }} - topologyKey: kubernetes.io/hostname - weight: 1 - {{- end }} - containers: - - name: kafka-exporter - image: danielqsj/kafka-exporter:v1.9.0 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 2121 - name: metrics - args: - - "--kafka.server=localhost:9092" - - "--web.listen-address=:2121" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - - name: {{ .Chart.Name }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - imagePullPolicy: "IfNotPresent" - image: "docker.io/confluentinc/cp-kafka:{{ .Values.version }}" - env: - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: KAFKA_ZOOKEEPER_CONNECT - value: {{ include "kafka.zookeeper.ensemble" . 
| quote }} - - name: KAFKA_HEAP_OPTS - value: "-XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0" - - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE - value: "false" - - name: KAFKA_LOG_DIRS - value: "/var/lib/kafka/data" - - name: KAFKA_AUTO_CREATE_TOPICS_ENABLE - value: "false" - - name: KAFKA_DELETE_TOPIC_ENABLE - value: "true" - - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR - value: "3" - - name: KAFKA_NUM_PARTITIONS - value: "3" - - name: KAFKA_DEFAULT_REPLICATION_FACTOR - value: "3" - - name: KAFKA_MIN_INSYNC_REPLICAS - value: "2" - - name: KAFKA_UNCLEAN_LEADER_ELECTION.ENABLE - value: "false" - - name: KAFKA_LOG_FLUSH_INTERVAL_MESSAGES - value: "10000" - - name: KAFKA_LOG_FLUSH_INTERVAL_MS - value: "1000" - - name: KAFKA_LOG_RETENTION_BYTES - value: "1073741824" - - name: KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS - value: "300000" - - name: KAFKA_LOG_RETENTION_HOURS - value: "168" - - name: KAFKA_LOG_SEGMENT_BYTES - value: "1073741824" - - name: KAFKA_MESSAGE_MAX_BYTES - value: "1048588" - - name: KAFKA_LOG4J_ROOT_LOGLEVEL - value: "INFO" - - name: KAFKA_LOG4J_LOGGERS - value: "kafka.authorizer.logger=INFO,kafka.controller=INFO" - - name: KAFKA_LISTENERS - value: "PLAINTEXT://:9092,EXTERNAL://:9093" - - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP - value: "PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT" - command: - - "sh" - - "-exc" - - | - export KAFKA_BROKER_ID=${HOSTNAME##*-} && \ - export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://{{ include "kafka.listener" . 
}}:9092,EXTERNAL://127.0.0.1:$((32400 + ${KAFKA_BROKER_ID})) && \ - rm -rf /var/lib/kafka/data/lost+found && \ - exec /etc/confluent/docker/run - ports: - - name: tcp-kafka-int - containerPort: 9092 - - name: tcp-kafka-ext - containerPort: 9093 - livenessProbe: - tcpSocket: - port: tcp-kafka-int - initialDelaySeconds: 300 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - tcpSocket: - port: tcp-kafka-int - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - volumeMounts: - - name: data - mountPath: /var/lib/kafka/data - - name: config - mountPath: /etc/kafka - - name: logs - mountPath: /var/log - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumes: - - name: config - emptyDir: {} - - name: logs - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.diskSize | quote }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "kafka.fullname" . }} + labels: + {{- include "kafka.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "kafka.selectorLabels" . | nindent 6 }} + serviceName: {{ include "kafka.fullname" . }}-headless + replicas: 3 + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + podManagementPolicy: Parallel + template: + metadata: + labels: + {{- include "kafka.selectorLabels" . 
| nindent 8 }} + spec: + securityContext: + fsGroup: 1000 + affinity: + {{- if .Values.affinity }} + {{ toYaml .Values.affinity | indent 8 }} + {{- else }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ include "kafka.name" . }} + topologyKey: kubernetes.io/hostname + weight: 1 + {{- end }} + containers: + - name: kafka-exporter + image: danielqsj/kafka-exporter:v1.9.0 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 2121 + name: metrics + args: + - "--kafka.server=localhost:9092" + - "--web.listen-address=:2121" + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + - name: {{ .Chart.Name }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + imagePullPolicy: "IfNotPresent" + image: "docker.io/confluentinc/cp-kafka:{{ .Values.version }}" + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: KAFKA_ZOOKEEPER_CONNECT + value: {{ include "kafka.zookeeper.ensemble" . 
| quote }} + - name: KAFKA_HEAP_OPTS + value: "-XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0" + - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE + value: "false" + - name: KAFKA_LOG_DIRS + value: "/var/lib/kafka/data" + - name: KAFKA_AUTO_CREATE_TOPICS_ENABLE + value: "false" + - name: KAFKA_DELETE_TOPIC_ENABLE + value: "true" + - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR + value: "3" + - name: KAFKA_NUM_PARTITIONS + value: "3" + - name: KAFKA_DEFAULT_REPLICATION_FACTOR + value: "3" + - name: KAFKA_MIN_INSYNC_REPLICAS + value: "2" + - name: KAFKA_UNCLEAN_LEADER_ELECTION.ENABLE + value: "false" + - name: KAFKA_LOG_FLUSH_INTERVAL_MESSAGES + value: "10000" + - name: KAFKA_LOG_FLUSH_INTERVAL_MS + value: "1000" + - name: KAFKA_LOG_RETENTION_BYTES + value: "1073741824" + - name: KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS + value: "300000" + - name: KAFKA_LOG_RETENTION_HOURS + value: "168" + - name: KAFKA_LOG_SEGMENT_BYTES + value: "1073741824" + - name: KAFKA_MESSAGE_MAX_BYTES + value: "1048588" + - name: KAFKA_LOG4J_ROOT_LOGLEVEL + value: "INFO" + - name: KAFKA_LOG4J_LOGGERS + value: "kafka.authorizer.logger=INFO,kafka.controller=INFO" + - name: KAFKA_LISTENERS + value: "PLAINTEXT://:9092,EXTERNAL://:9093" + - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP + value: "PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT" + command: + - "sh" + - "-exc" + - | + export KAFKA_BROKER_ID=${HOSTNAME##*-} && \ + export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://{{ include "kafka.listener" . 
}}:9092,EXTERNAL://127.0.0.1:$((32400 + ${KAFKA_BROKER_ID})) && \ + rm -rf /var/lib/kafka/data/lost+found && \ + exec /etc/confluent/docker/run + ports: + - name: tcp-kafka-int + containerPort: 9092 + - name: tcp-kafka-ext + containerPort: 9093 + livenessProbe: + tcpSocket: + port: tcp-kafka-int + initialDelaySeconds: 300 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + tcpSocket: + port: tcp-kafka-int + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + volumeMounts: + - name: data + mountPath: /var/lib/kafka/data + - name: config + mountPath: /etc/kafka + - name: logs + mountPath: /var/log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: config + emptyDir: {} + - name: logs + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.diskSize | quote }} diff --git a/charts/kafka/values.schema.json b/charts/kafka/values.schema.json index d4d37da9..d1355aba 100644 --- a/charts/kafka/values.schema.json +++ b/charts/kafka/values.schema.json 
@@ -1,82 +1,82 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "version": { - "type": "string", - "default": "7.8.0", - "mutable": true - }, - "zookeeper": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "default": true - }, - "url": { - "type": "string", - "default": "" - } - } - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "pattern": "^[0-9]+m$", - "default": "500m", - "mutable": true - }, - "memory": { - "type": "string", - "pattern": "^[0-9]+Mi$", - "default": "500Mi", - "mutable": true - } - } - }, - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "pattern": "^[0-9]+m$", - "default": "1000m", - "mutable": true - }, - "memory": { - "type": "string", - "pattern": "^[0-9]+Mi$", - "default": "1500Mi", - "mutable": true - } - } - } - } - }, - "diskSize": { - "type": "string", - "pattern": "^[0-9]+Gi$", - "default": "10Gi", - "mutable": true, - "editDisabled": true - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": ["name"] - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "version": { + "type": "string", + "default": "7.8.0", + "mutable": true + }, + "zookeeper": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": true + }, + "url": { + "type": "string", + "default": "" + } + } + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "pattern": "^[0-9]+m$", + "default": "500m", + "mutable": true + }, + "memory": { + "type": "string", + "pattern": "^[0-9]+Mi$", + "default": "500Mi", + "mutable": true + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": 
{ + "type": "string", + "pattern": "^[0-9]+m$", + "default": "1000m", + "mutable": true + }, + "memory": { + "type": "string", + "pattern": "^[0-9]+Mi$", + "default": "1500Mi", + "mutable": true + } + } + } + } + }, + "diskSize": { + "type": "string", + "pattern": "^[0-9]+Gi$", + "default": "10Gi", + "mutable": true, + "editDisabled": true + }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": ["name"] + } + } + } } \ No newline at end of file diff --git a/charts/kafka/values.yaml b/charts/kafka/values.yaml index 460ef1ba..9f075627 100644 --- a/charts/kafka/values.yaml +++ b/charts/kafka/values.yaml @@ -1,15 +1,15 @@ -version: "7.8.0" - -zookeeper: - enabled: true - url: "" ## If not enabled provide the zookeeper url - -resources: - requests: - cpu: "500m" - memory: "500Mi" - limits: - cpu: "1000m" - memory: "1500Mi" - +version: "7.8.0" + +zookeeper: + enabled: true + url: "" ## If not enabled provide the zookeeper url + +resources: + requests: + cpu: "500m" + memory: "500Mi" + limits: + cpu: "1000m" + memory: "1500Mi" + diskSize : 10Gi \ No newline at end of file diff --git a/charts/mariadb/Chart.yaml b/charts/mariadb/Chart.yaml index 9b84f94d..dd93f3b9 100644 --- a/charts/mariadb/Chart.yaml +++ b/charts/mariadb/Chart.yaml 
@@ -1,11 +1,11 @@
-apiVersion: v2
-appVersion: "1.0"
-description: Helm chart for deploying mariadb datastore
-name: mariadb
-version: 0.0.4
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png"
-maintainers:
- - name: ZopDev
- url: zop.dev
-annotations:
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for deploying mariadb datastore
+name: mariadb
+version: 0.0.4
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png"
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+annotations:
 type: datasource
\ No newline at end of file
diff --git a/charts/mariadb/Readme.md b/charts/mariadb/Readme.md
index 09347638..408fc57a 100644
--- a/charts/mariadb/Readme.md
+++ b/charts/mariadb/Readme.md
@@ -1,178 +1,178 @@ -# MariaDB Helm Chart - -This Helm chart deploys a MariaDB cluster on Kubernetes, including master-slave replication. Below is a detailed guide to the configuration options available. - ---- - -## Prerequisites -- Kubernetes 1.18+ -- Helm 3.0+ - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the MariaDB Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/mariadb -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-mariadb zopdev/mariadb -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the MariaDB Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-mariadb -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The table below outlines the essential global configuration options. For specific master and slave configurations, refer to their respective sections below. - -### Global Configuration -| Input | Type | Description | Default | -|-------------------------------|---------|--------------------------------------------|----------------------------| -| `image.registry` | String | Docker registry for the MariaDB image. | `docker.io` | -| `image.repository` | String | Repository for the MariaDB image. | `bitnami/mariadb` | -| `image.tag` | String | MariaDB image tag. | `10.3.22-debian-10-r27` | -| `image.pullPolicy` | String | Image pull policy. 
| `IfNotPresent` | -| `rootUser.password` | String | Root password for MariaDB. | `"root"` | -| `replication.enabled` | Bool | Enable master-slave replication. | `true` | -| `replication.user` | String | Username for replication. | `replicator` | -| `replication.password` | String | Password for the replication user. | `"root"` | - ---- - -### Master Configuration - -| Input | Type | Description | Default | -|------------------------------------|---------|------------------------------------------------|------------------| -| `master.resources.requests.cpu` | String | CPU request for the MariaDB master. | `"500m"` | -| `master.resources.requests.memory` | String | Memory request for the MariaDB master. | `"256Mi"` | -| `master.resources.limits.cpu` | String | CPU limit for the MariaDB master. | `"1500m"` | -| `master.resources.limits.memory` | String | Memory limit for the MariaDB master. | `"1Gi"` | -| `master.persistence.size` | String | Persistent storage size for the master. | `"10Gi"` | -| `master.livenessProbe.enabled` | Bool | Enable liveness probe for the master. | `true` | -| `master.livenessProbe.initialDelaySeconds`| Int| Initial delay for the master liveness probe. | `120` | -| `master.readinessProbe.enabled` | Bool | Enable readiness probe for the master. | `true` | -| `master.readinessProbe.initialDelaySeconds`| Int| Initial delay for the master readiness probe. | `30` | -| `master.service.type` | String | Service type for the master pod. | `ClusterIP` | -| `master.service.port` | Int | Port exposed by the master service. | `3306` | - ---- - -### Slave Configuration - -| Input | Type | Description | Default | -|------------------------------------|---------|------------------------------------------------|------------------| -| `slave.replicas` | Int | Number of MariaDB slave replicas. | `1` | -| `slave.resources.requests.cpu` | String | CPU request for MariaDB slave pods. 
| `"500m"` | -| `slave.resources.requests.memory` | String | Memory request for MariaDB slave pods. | `"256Mi"` | -| `slave.resources.limits.cpu` | String | CPU limit for MariaDB slave pods. | `"1500m"` | -| `slave.resources.limits.memory` | String | Memory limit for MariaDB slave pods. | `"1Gi"` | -| `slave.persistence.size` | String | Persistent storage size for slaves. | `"10Gi"` | -| `slave.livenessProbe.enabled` | Bool | Enable liveness probe for the slave pods. | `true` | -| `slave.livenessProbe.initialDelaySeconds`| Int | Initial delay for slave liveness probe. | `120` | -| `slave.readinessProbe.enabled` | Bool | Enable readiness probe for the slave pods. | `true` | -| `slave.readinessProbe.initialDelaySeconds`| Int| Initial delay for slave readiness probe. | `30` | -| `slave.service.type` | String | Service type for slave pods. | `ClusterIP` | -| `slave.service.port` | Int | Port exposed by the slave service. | `3306` | - ---- - -## Example `values.yaml` - -```yaml -version: 10.3.22-debian-10-r27 - -replication: - enabled: true - -master: - resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" - memory: "1Gi" - persistence: - size: 10Gi - -slave: - replicas: 1 - - resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" - memory: "1Gi" - - persistence: - size: 10Gi -``` - ---- - -## Features -- Deploy MariaDB master-slave architecture on Kubernetes. -- Configurable master and slave resources and persistence. -- Probes for liveness and readiness checks for health monitoring. -- Master-slave replication with customizable credentials and scaling. -- Customizable service types and ports for networking flexibility. - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. 
- ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# MariaDB Helm Chart + +This Helm chart deploys a MariaDB cluster on Kubernetes, including master-slave replication. Below is a detailed guide to the configuration options available. + +--- + +## Prerequisites +- Kubernetes 1.18+ +- Helm 3.0+ + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the MariaDB Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/mariadb +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-mariadb zopdev/mariadb +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the MariaDB Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-mariadb +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The table below outlines the essential global configuration options. For specific master and slave configurations, refer to their respective sections below. + +### Global Configuration +| Input | Type | Description | Default | +|-------------------------------|---------|--------------------------------------------|----------------------------| +| `image.registry` | String | Docker registry for the MariaDB image. | `docker.io` | +| `image.repository` | String | Repository for the MariaDB image. 
| `bitnami/mariadb` | +| `image.tag` | String | MariaDB image tag. | `10.3.22-debian-10-r27` | +| `image.pullPolicy` | String | Image pull policy. | `IfNotPresent` | +| `rootUser.password` | String | Root password for MariaDB. | `"root"` | +| `replication.enabled` | Bool | Enable master-slave replication. | `true` | +| `replication.user` | String | Username for replication. | `replicator` | +| `replication.password` | String | Password for the replication user. | `"root"` | + +--- + +### Master Configuration + +| Input | Type | Description | Default | +|------------------------------------|---------|------------------------------------------------|------------------| +| `master.resources.requests.cpu` | String | CPU request for the MariaDB master. | `"500m"` | +| `master.resources.requests.memory` | String | Memory request for the MariaDB master. | `"256Mi"` | +| `master.resources.limits.cpu` | String | CPU limit for the MariaDB master. | `"1500m"` | +| `master.resources.limits.memory` | String | Memory limit for the MariaDB master. | `"1Gi"` | +| `master.persistence.size` | String | Persistent storage size for the master. | `"10Gi"` | +| `master.livenessProbe.enabled` | Bool | Enable liveness probe for the master. | `true` | +| `master.livenessProbe.initialDelaySeconds`| Int| Initial delay for the master liveness probe. | `120` | +| `master.readinessProbe.enabled` | Bool | Enable readiness probe for the master. | `true` | +| `master.readinessProbe.initialDelaySeconds`| Int| Initial delay for the master readiness probe. | `30` | +| `master.service.type` | String | Service type for the master pod. | `ClusterIP` | +| `master.service.port` | Int | Port exposed by the master service. | `3306` | + +--- + +### Slave Configuration + +| Input | Type | Description | Default | +|------------------------------------|---------|------------------------------------------------|------------------| +| `slave.replicas` | Int | Number of MariaDB slave replicas. 
| `1` | +| `slave.resources.requests.cpu` | String | CPU request for MariaDB slave pods. | `"500m"` | +| `slave.resources.requests.memory` | String | Memory request for MariaDB slave pods. | `"256Mi"` | +| `slave.resources.limits.cpu` | String | CPU limit for MariaDB slave pods. | `"1500m"` | +| `slave.resources.limits.memory` | String | Memory limit for MariaDB slave pods. | `"1Gi"` | +| `slave.persistence.size` | String | Persistent storage size for slaves. | `"10Gi"` | +| `slave.livenessProbe.enabled` | Bool | Enable liveness probe for the slave pods. | `true` | +| `slave.livenessProbe.initialDelaySeconds`| Int | Initial delay for slave liveness probe. | `120` | +| `slave.readinessProbe.enabled` | Bool | Enable readiness probe for the slave pods. | `true` | +| `slave.readinessProbe.initialDelaySeconds`| Int| Initial delay for slave readiness probe. | `30` | +| `slave.service.type` | String | Service type for slave pods. | `ClusterIP` | +| `slave.service.port` | Int | Port exposed by the slave service. | `3306` | + +--- + +## Example `values.yaml` + +```yaml +version: 10.3.22-debian-10-r27 + +replication: + enabled: true + +master: + resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" + memory: "1Gi" + persistence: + size: 10Gi + +slave: + replicas: 1 + + resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" + memory: "1Gi" + + persistence: + size: 10Gi +``` + +--- + +## Features +- Deploy MariaDB master-slave architecture on Kubernetes. +- Configurable master and slave resources and persistence. +- Probes for liveness and readiness checks for health monitoring. +- Master-slave replication with customizable credentials and scaling. +- Customizable service types and ports for networking flexibility. + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. 
+ +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/mariadb/templates/_helpers.tpl b/charts/mariadb/templates/_helpers.tpl index 8ae25996..e6f3d589 100644 --- a/charts/mariadb/templates/_helpers.tpl +++ b/charts/mariadb/templates/_helpers.tpl 
@@ -1,212 +1,212 @@ -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "mariadb.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mariadb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate a fully qualified app name for MariaDB. -Always ensures the format `release.name-mariadb`. -Truncates at 63 characters as required by Kubernetes naming conventions. -*/}} -{{- define "mariadb.fullname" -}} -{{- printf "%s-mariadb" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "master.fullname" -}} -{{- printf "%s-master" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "slave.fullname" -}} -{{- printf "%s-slave" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "mariadb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper MariaDB image name -*/}} -{{- define "mariadb.image" -}} -{{- $tag := .Values.version | toString -}} -{{- printf "docker.io/bitnami/mariadb:%s" $tag -}} -{{- end -}} - -{{/* -Return the proper metrics image name -*/}} -{{- define "mariadb.metrics.image" -}} -{{- $registryName := .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
-Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{ template "mariadb.initdbScriptsCM" . }} -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "mariadb.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" .Values.initdbScriptsConfigMap -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "master.fullname" .) -}} -{{- end -}} -{{- end -}} - - -{{/* -Return the proper test image name -*/}} -{{- define "mariadb.tests.testFramework.image" -}} -{{- $registryName := .Values.tests.testFramework.image.registry -}} -{{- $repositoryName := .Values.tests.testFramework.image.repository -}} -{{- $tag := .Values.tests.testFramework.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
-Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mariadb.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class for the master -*/}} -{{- define "mariadb.master.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
-*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.master.persistence.storageClass -}} - {{- if (eq "-" .Values.master.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.master.persistence.storageClass -}} - {{- if (eq "-" .Values.master.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class for the slave -*/}} -{{- define "mariadb.slave.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
-*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.slave.persistence.storageClass -}} - {{- if (eq "-" .Values.slave.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.slave.persistence.storageClass -}} - {{- if (eq "-" .Values.slave.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the name of the Secret used to store the passwords -*/}} -{{- define "mariadb.secretName" -}} -{{- if .Values.existingSecret -}} -{{ .Values.existingSecret }} -{{- else -}} -{{ template "mariadb.fullname" . -}} -{{- end -}} -{{- end -}} +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "mariadb.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mariadb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate a fully qualified app name for MariaDB. +Always ensures the format `release.name-mariadb`. +Truncates at 63 characters as required by Kubernetes naming conventions. 
+*/}} +{{- define "mariadb.fullname" -}} +{{- printf "%s-mariadb" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "master.fullname" -}} +{{- printf "%s-master" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "slave.fullname" -}} +{{- printf "%s-slave" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "mariadb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper MariaDB image name +*/}} +{{- define "mariadb.image" -}} +{{- $tag := .Values.version | toString -}} +{{- printf "docker.io/bitnami/mariadb:%s" $tag -}} +{{- end -}} + +{{/* +Return the proper metrics image name +*/}} +{{- define "mariadb.metrics.image" -}} +{{- $registryName := .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{ template "mariadb.initdbScriptsCM" . }} +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mariadb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "master.fullname" .) 
-}} +{{- end -}} +{{- end -}} + + +{{/* +Return the proper test image name +*/}} +{{- define "mariadb.tests.testFramework.image" -}} +{{- $registryName := .Values.tests.testFramework.image.registry -}} +{{- $repositoryName := .Values.tests.testFramework.image.repository -}} +{{- $tag := .Values.tests.testFramework.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mariadb.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
+Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class for the master +*/}} +{{- define "mariadb.master.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.master.persistence.storageClass -}} + {{- if (eq "-" .Values.master.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.master.persistence.storageClass -}} + {{- if (eq "-" .Values.master.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class for the slave +*/}} +{{- define "mariadb.slave.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
+*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.slave.persistence.storageClass -}} + {{- if (eq "-" .Values.slave.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.slave.persistence.storageClass -}} + {{- if (eq "-" .Values.slave.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the name of the Secret used to store the passwords +*/}} +{{- define "mariadb.secretName" -}} +{{- if .Values.existingSecret -}} +{{ .Values.existingSecret }} +{{- else -}} +{{ template "mariadb.fullname" . -}} +{{- end -}} +{{- end -}} diff --git a/charts/mariadb/templates/alerts.yaml b/charts/mariadb/templates/alerts.yaml index 5217a4dd..1f3888a0 100644 --- a/charts/mariadb/templates/alerts.yaml +++ b/charts/mariadb/templates/alerts.yaml 
@@ -1,113 +1,113 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ .Release.Name }}-mariadb-alerts - namespace: {{ .Release.Namespace }} - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Release.Name }}-mariadb.rules - rules: - - alert: MariaDBDown - expr: mysql_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} == 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB instance {{ .Release.Name }} is down' - description: 'MariaDB instance {{ .Release.Name }} is down' - - - alert: MariaDBTooManyConnections - expr: | - max_over_time(mysql_global_status_threads_connected{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) - / mysql_global_variables_max_connections{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} * 100 > 80 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB instance {{ .Release.Name }} has too many connections' - description: 'More than 80% of MariaDB connections of {{ .Release.Name }} are in use' - - - alert: MariaDBHighPreparedStatementsUtilization - expr: | - max_over_time(mysql_global_status_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) - / mysql_global_variables_max_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} * 100 > 80 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB instance {{ .Release.Name }} high prepared statements utilization' - description: 'MariaDB 
instance {{ .Release.Name }} has high utilization of prepared statements' - - - alert: MariaDBSlowQueries - expr: increase(mysql_global_status_slow_queries{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) > 0 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB instance {{ .Release.Name }} slow queries' - description: 'MariaDB instance {{ .Release.Name }} has new slow queries' - - - alert: MariaDBRestarted - expr: mysql_global_status_uptime{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} < 60 - for: 0m - labels: - severity: info - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB instance {{ .Release.Name }} restarted' - description: 'MariaDB instance {{ .Release.Name }} restarted < 1 minute ago' - - - alert: MariaDBHighQps - expr: irate(mysql_global_status_questions{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) > 10000 - for: 2m - labels: - severity: info - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB instance {{ .Release.Name }} has High QPS' - description: 'MariaDB instance {{ .Release.Name }} is experiencing high QPS (> 10k)' - - - alert: MariaDBReplicationLag - expr: mysql_slave_status_seconds_behind_master{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} > 30 - for: 1m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB replica {{ .Release.Name }} lag' - description: 'MariaDB replica {{ .Release.Name }} is lagging by more than 30 seconds' - - - alert: MariaDBReplicationNotRunning - expr: mysql_slave_status_slave_io_running{namespace="{{ 
.Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} == 0 or mysql_slave_status_slave_sql_running{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} == 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MariaDB replica {{ .Release.Name }} not running' +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }}-mariadb-alerts + namespace: {{ .Release.Namespace }} + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus +spec: + groups: + - name: {{ .Release.Namespace }}.{{ .Release.Name }}-mariadb.rules + rules: + - alert: MariaDBDown + expr: mysql_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} == 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB instance {{ .Release.Name }} is down' + description: 'MariaDB instance {{ .Release.Name }} is down' + + - alert: MariaDBTooManyConnections + expr: | + max_over_time(mysql_global_status_threads_connected{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) + / mysql_global_variables_max_connections{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} * 100 > 80 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB instance {{ .Release.Name }} has too many connections' + description: 'More than 80% of MariaDB connections of {{ .Release.Name }} are in use' + + - alert: MariaDBHighPreparedStatementsUtilization + expr: | + max_over_time(mysql_global_status_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) + / 
mysql_global_variables_max_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} * 100 > 80 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB instance {{ .Release.Name }} high prepared statements utilization' + description: 'MariaDB instance {{ .Release.Name }} has high utilization of prepared statements' + + - alert: MariaDBSlowQueries + expr: increase(mysql_global_status_slow_queries{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) > 0 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB instance {{ .Release.Name }} slow queries' + description: 'MariaDB instance {{ .Release.Name }} has new slow queries' + + - alert: MariaDBRestarted + expr: mysql_global_status_uptime{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} < 60 + for: 0m + labels: + severity: info + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB instance {{ .Release.Name }} restarted' + description: 'MariaDB instance {{ .Release.Name }} restarted < 1 minute ago' + + - alert: MariaDBHighQps + expr: irate(mysql_global_status_questions{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"}[1m]) > 10000 + for: 2m + labels: + severity: info + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB instance {{ .Release.Name }} has High QPS' + description: 'MariaDB instance {{ .Release.Name }} is experiencing high QPS (> 10k)' + + - alert: MariaDBReplicationLag + expr: mysql_slave_status_seconds_behind_master{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} > 30 + for: 
1m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB replica {{ .Release.Name }} lag' + description: 'MariaDB replica {{ .Release.Name }} is lagging by more than 30 seconds' + + - alert: MariaDBReplicationNotRunning + expr: mysql_slave_status_slave_io_running{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} == 0 or mysql_slave_status_slave_sql_running{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mariadb-.*"} == 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MariaDB replica {{ .Release.Name }} not running' description: 'Replication on MariaDB replica {{ .Release.Name }} is not running' \ No newline at end of file diff --git a/charts/mariadb/templates/database-pod.yaml b/charts/mariadb/templates/database-pod.yaml index da85f033..e8b57084 100644 --- a/charts/mariadb/templates/database-pod.yaml +++ b/charts/mariadb/templates/database-pod.yaml 
@@ -1,29 +1,29 @@
-{{- range $index, $service := .Values.services }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ $.Release.Name }}-{{ $service.name }}-mariadb-init
- namespace: {{ $.Release.Namespace }}
-spec:
- containers:
- - name: mysql-init-role
- image: imega/mysql-client
- command: ["mysql"]
- args:
- ["-h", "{{ $.Release.Name }}-mariadb", "-u", "root", "-p$(ROOTPASSWORD)", "-e", "source /etc/config/db-init.sql"]
- env:
- - name: ROOTPASSWORD
- valueFrom:
- secretKeyRef:
- name: "{{ $.Release.Name }}-mariadb-secrets"
- key: mariadb-root-password
- volumeMounts:
- - name: secret-volume
- mountPath: /etc/config
- volumes:
- - name: secret-volume
- configMap:
- name: {{ $.Release.Name }}-{{ $service.name }}-init-script
- restartPolicy: OnFailure
----
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ $.Release.Name }}-{{ $service.name }}-mariadb-init
+ namespace: {{ $.Release.Namespace }}
+spec:
+ containers:
+ - name: mysql-init-role
+ image: imega/mysql-client
+ command: ["mysql"]
+ args:
+ ["-h", "{{ $.Release.Name }}-mariadb", "-u", "root", "-p$(ROOTPASSWORD)", "-e", "source /etc/config/db-init.sql"]
+ env:
+ - name: ROOTPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "{{ $.Release.Name }}-mariadb-secrets"
+ key: mariadb-root-password
+ volumeMounts:
+ - name: secret-volume
+ mountPath: /etc/config
+ volumes:
+ - name: secret-volume
+ configMap:
+ name: {{ $.Release.Name }}-{{ $service.name }}-init-script
+ restartPolicy: OnFailure
+---
 {{- end }}
\ No newline at end of file
diff --git a/charts/mariadb/templates/init-script-config-map.yaml b/charts/mariadb/templates/init-script-config-map.yaml
index 16639076..c5207f0f 100644
--- a/charts/mariadb/templates/init-script-config-map.yaml
+++ b/charts/mariadb/templates/init-script-config-map.yaml
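Review bot: The `args` line passes the root password as `-p$(ROOTPASSWORD)`, so once Kubernetes expands it the credential sits in the mysql client's argument list, where it is visible to anything that can read process arguments in the container or on the node. The client also reads the password from the `MYSQL_PWD` environment variable, so renaming the env entry to `- name: MYSQL_PWD` and dropping the `-p…` argument keeps it off the command line. `image: imega/mysql-client` has no tag or digest and therefore resolves to whatever that third-party repository currently serves; pin it, e.g. `image: imega/mysql-client@sha256:<digest-placeholder>`. Separately, the volume references `{{ $.Release.Name }}-{{ $service.name }}-init-script`, while the ConfigMap created in init-script-config-map.yaml is named `…-{{ replace "_" "-" $service.database }}-{{ $service.name }}-mariadb-init-script`, so unless another template defines the shorter name the Pod cannot mount its script.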
@@ -1,66 +1,66 @@
-{{- range $index, $service := .Values.services }}
-{{- $maxLen := 27 }}
-{{- $randomSuffix := randAlphaNum 4 | lower }}
-{{- $trimmedName := trunc $maxLen $service.name }}
-{{- $generatedUsername := printf "%s-%s" $trimmedName $randomSuffix }}
-{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }}
-
-{{/* Define Secret Name */}}
-{{- $secretName := printf "%s-%s-%s-mariadb-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }}
-
-{{/* Retrieve existing secret (if any) */}}
-{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }}
-
-{{/* Use existing values if available, otherwise generate new ones */}}
-{{- $username := $generatedUsername }}
-{{- $password := $generatedPassword }}
-
-{{- if $existingSecret }}
- {{- with $existingSecret.data }}
- {{- if hasKey . "DB_USER" }}
- {{- $username = index . "DB_USER" | b64dec }}
- {{- end }}
- {{- if hasKey . "DB_PASSWORD" }}
- {{- $password = index . "DB_PASSWORD" | b64dec }}
- {{- end }}
- {{- end }}
-{{- end }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-mariadb-configmap
- namespace: {{ $.Release.Namespace }}
-data:
- DB_DIALECT: "mariadb"
- DB_USER: "{{ $username }}"
- DB_PORT: "3306"
- DB_NAME: "{{ $service.database }}"
- DB_HOST: "{{ $.Release.Name }}-mariadb"
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
- namespace: {{ $.Release.Namespace }}
-type: Opaque
-data:
- DB_PASSWORD: {{ $password | b64enc }}
- DB_USER: {{ $username | b64enc }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-mariadb-init-script
- namespace: {{ $.Release.Namespace }}
-data:
- db-init.sql: |
- CREATE DATABASE IF NOT EXISTS `{{ $service.database }}`;
- USE `{{ $service.database }}`;
-
- CREATE USER IF NOT EXISTS '{{ $username }}'@'%' IDENTIFIED BY '{{ $password }}';
-
- GRANT CREATE, ALTER, USAGE ON `{{ $service.database }}`.* TO '{{ $username }}'@'%';
- GRANT INSERT, INDEX, REFERENCES, SELECT, UPDATE, DELETE, DROP ON `{{ $service.database }}`.* TO '{{ $username }}'@'%';
+{{- range $index, $service := .Values.services }}
+{{- $maxLen := 27 }}
+{{- $randomSuffix := randAlphaNum 4 | lower }}
+{{- $trimmedName := trunc $maxLen $service.name }}
+{{- $generatedUsername := printf "%s-%s" $trimmedName $randomSuffix }}
+{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }}
+
+{{/* Define Secret Name */}}
+{{- $secretName := printf "%s-%s-%s-mariadb-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }}
+
+{{/* Retrieve existing secret (if any) */}}
+{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }}
+
+{{/* Use existing values if available, otherwise generate new ones */}}
+{{- $username := $generatedUsername }}
+{{- $password := $generatedPassword }}
+
+{{- if $existingSecret }}
+ {{- with $existingSecret.data }}
+ {{- if hasKey . "DB_USER" }}
+ {{- $username = index . "DB_USER" | b64dec }}
+ {{- end }}
+ {{- if hasKey . "DB_PASSWORD" }}
+ {{- $password = index . "DB_PASSWORD" | b64dec }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-mariadb-configmap
+ namespace: {{ $.Release.Namespace }}
+data:
+ DB_DIALECT: "mariadb"
+ DB_USER: "{{ $username }}"
+ DB_PORT: "3306"
+ DB_NAME: "{{ $service.database }}"
+ DB_HOST: "{{ $.Release.Name }}-mariadb"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ $.Release.Namespace }}
+type: Opaque
+data:
+ DB_PASSWORD: {{ $password | b64enc }}
+ DB_USER: {{ $username | b64enc }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-mariadb-init-script
+ namespace: {{ $.Release.Namespace }}
+data:
+ db-init.sql: |
+ CREATE DATABASE IF NOT EXISTS `{{ $service.database }}`;
+ USE `{{ $service.database }}`;
+
+ CREATE USER IF NOT EXISTS '{{ $username }}'@'%' IDENTIFIED BY '{{ $password }}';
+
+ GRANT CREATE, ALTER, USAGE ON `{{ $service.database }}`.* TO '{{ $username }}'@'%';
+ GRANT INSERT, INDEX, REFERENCES, SELECT, UPDATE, DELETE, DROP ON `{{ $service.database }}`.* TO '{{ $username }}'@'%';
 {{- end }}
\ No newline at end of file
diff --git a/charts/mariadb/templates/master-configmap.yaml b/charts/mariadb/templates/master-configmap.yaml
index 330a8c00..1fe42170 100644
--- a/charts/mariadb/templates/master-configmap.yaml
+++ b/charts/mariadb/templates/master-configmap.yaml
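Review bot: `db-init.sql` is rendered into a ConfigMap with `IDENTIFIED BY '{{ $password }}'`, so the database password that the Secret in the same file stores is also readable in cleartext by anyone allowed to get ConfigMaps in the namespace. Rendering the script into a `kind: Secret` (under `stringData:`) and mounting that in the init Pod would keep the credential under Secret RBAC. `$generatedPassword` is only 12 characters in a fixed letters/digits/uppercase layout; `{{- $generatedPassword := randAlphaNum 32 }}` gives far more entropy and still contains no characters that need SQL quoting. `$service.database` and `$username` are interpolated into the SQL unescaped, which is acceptable for operator-controlled values but deserves a comment saying so, and because `lookup` returns an empty result under `helm template` or dry-run rendering, those paths will generate fresh credentials instead of reusing the existing Secret.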
@@ -1,34 +1,34 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ .Release.Name }}-master-mariadb-configmap"
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app.kubernetes.io/component: master
-data:
- my.cnf: |-
- [mysqld]
- skip-name-resolve
- explicit_defaults_for_timestamp
- basedir=/opt/bitnami/mariadb
- plugin_dir=/opt/bitnami/mariadb/plugin
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- tmpdir=/opt/bitnami/mariadb/tmp
- max_allowed_packet=16M
- bind-address=0.0.0.0
- pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
- log-error=/opt/bitnami/mariadb/logs/mysqld.log
- character-set-server=UTF8
- collation-server=utf8_general_ci
-
- [client]
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- default-character-set=UTF8
- plugin_dir=/opt/bitnami/mariadb/plugin
-
- [manager]
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ .Release.Name }}-master-mariadb-configmap"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app.kubernetes.io/component: master
+data:
+ my.cnf: |-
+ [mysqld]
+ skip-name-resolve
+ explicit_defaults_for_timestamp
+ basedir=/opt/bitnami/mariadb
+ plugin_dir=/opt/bitnami/mariadb/plugin
+ port=3306
+ socket=/opt/bitnami/mariadb/tmp/mysql.sock
+ tmpdir=/opt/bitnami/mariadb/tmp
+ max_allowed_packet=16M
+ bind-address=0.0.0.0
+ pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
+ log-error=/opt/bitnami/mariadb/logs/mysqld.log
+ character-set-server=UTF8
+ collation-server=utf8_general_ci
+
+ [client]
+ port=3306
+ socket=/opt/bitnami/mariadb/tmp/mysql.sock
+ default-character-set=UTF8
+ plugin_dir=/opt/bitnami/mariadb/plugin
+
+ [manager]
+ port=3306
+ socket=/opt/bitnami/mariadb/tmp/mysql.sock
+ pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
diff --git a/charts/mariadb/templates/master-serviceMonitor.yaml b/charts/mariadb/templates/master-serviceMonitor.yaml
index 20b6d815..80871187 100644
--- a/charts/mariadb/templates/master-serviceMonitor.yaml
+++ b/charts/mariadb/templates/master-serviceMonitor.yaml
@@ -1,16 +1,16 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ .Release.Name }}-mariadb-master
- labels:
- release: prometheus
-spec:
- selector:
- matchLabels:
- app: "{{ template "mariadb.name" . }}"
- component: "master"
- release: "{{ .Release.Name }}"
- endpoints:
- - port: metrics-port
- interval: 30s
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ .Release.Name }}-mariadb-master
+ labels:
+ release: prometheus
+spec:
+ selector:
+ matchLabels:
+ app: "{{ template "mariadb.name" . }}"
+ component: "master"
+ release: "{{ .Release.Name }}"
+ endpoints:
+ - port: metrics-port
+ interval: 30s
 path: /metrics
\ No newline at end of file
diff --git a/charts/mariadb/templates/master-statefulset.yaml b/charts/mariadb/templates/master-statefulset.yaml
index d3a715e6..55403bfd 100644
--- a/charts/mariadb/templates/master-statefulset.yaml
+++ b/charts/mariadb/templates/master-statefulset.yaml
@@ -1,157 +1,157 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "master.fullname" . }} - labels: - app: {{ template "mariadb.name" . }} - chart: {{ template "mariadb.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: master -spec: - selector: - matchLabels: - app: {{ template "mariadb.name" . }} - release: {{ .Release.Name }} - component: master - serviceName: {{ template "master.fullname" . }} - replicas: 1 - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: {{ template "mariadb.name" . }} - chart: {{ template "mariadb.chart" . }} - release: {{ .Release.Name }} - component: master - spec: - securityContext: - fsGroup: 1001 - runAsUser: 1001 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app: {{ template "mariadb.name" . }} - release: {{ .Release.Name }} - containers: - - name: "mariadb" - image: {{ template "mariadb.image" . 
}} - imagePullPolicy: "IfNotPresent" - env: - {{- if .Values.master.extraFlags }} - - name: MARIADB_EXTRA_FLAGS - value: "{{ .Values.master.extraFlags }}" - {{- end }} - - name: MARIADB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mariadb-secrets" - key: mariadb-root-password - {{- if .Values.replication.enabled }} - - name: MARIADB_REPLICATION_MODE - value: "master" - - name: MARIADB_REPLICATION_USER - value: "replicator" - - name: MARIADB_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mariadb-secrets" - key: mariadb-replication-password - {{- end }} - {{- if .Values.master.extraEnvVars }} - {{- tpl (toYaml .Values.master.extraEnvVars) $ | nindent 12 }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - livenessProbe: - exec: - command: - - sh - - -c - - | - password_aux="${MARIADB_ROOT_PASSWORD:-}" - if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then - password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE) - fi - mysqladmin status -uroot -p$password_aux - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - exec: - command: - - sh - - -c - - | - password_aux="${MARIADB_ROOT_PASSWORD:-}" - if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then - password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE) - fi - mysqladmin status -uroot -p$password_aux - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - resources: - requests: - memory: {{ .Values.master.resources.requests.memory }} - cpu: {{ .Values.master.resources.requests.cpu }} - limits: - memory: {{ .Values.master.resources.limits.memory }} - cpu: {{ .Values.master.resources.limits.cpu }} - volumeMounts: - - name: data - mountPath: /data/mariadb - - name: config - mountPath: /opt/bitnami/mariadb/conf/my.cnf - subPath: my.cnf - - - name: mariadb-exporter - image: prom/mysqld-exporter:v0.15.1 - ports: - - containerPort: 2121 - name: 
metrics-port - env: - - name: MYSQLD_EXPORTER_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mariadb-secrets" - key: mariadb-root-password - args: - - "--mysqld.username=root" - - "--web.listen-address=:2121" - - "--log.level=debug" - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "200m" - volumes: - - name: config - configMap: - name: "{{ .Release.Name }}-master-mariadb-configmap" - volumeClaimTemplates: - - metadata: - name: data - labels: - app: "{{ template "mariadb.name" . }}" - component: "master" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - spec: - accessModes: [ReadWriteOnce] - resources: - requests: +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "master.fullname" . }} + labels: + app: {{ template "mariadb.name" . }} + chart: {{ template "mariadb.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: master +spec: + selector: + matchLabels: + app: {{ template "mariadb.name" . }} + release: {{ .Release.Name }} + component: master + serviceName: {{ template "master.fullname" . }} + replicas: 1 + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: {{ template "mariadb.name" . }} + chart: {{ template "mariadb.chart" . }} + release: {{ .Release.Name }} + component: master + spec: + securityContext: + fsGroup: 1001 + runAsUser: 1001 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app: {{ template "mariadb.name" . }} + release: {{ .Release.Name }} + containers: + - name: "mariadb" + image: {{ template "mariadb.image" . 
}} + imagePullPolicy: "IfNotPresent" + env: + {{- if .Values.master.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: "{{ .Values.master.extraFlags }}" + {{- end }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mariadb-secrets" + key: mariadb-root-password + {{- if .Values.replication.enabled }} + - name: MARIADB_REPLICATION_MODE + value: "master" + - name: MARIADB_REPLICATION_USER + value: "replicator" + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mariadb-secrets" + key: mariadb-replication-password + {{- end }} + {{- if .Values.master.extraEnvVars }} + {{- tpl (toYaml .Values.master.extraEnvVars) $ | nindent 12 }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + livenessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + resources: + requests: + memory: {{ .Values.master.resources.requests.memory }} + cpu: {{ .Values.master.resources.requests.cpu }} + limits: + memory: {{ .Values.master.resources.limits.memory }} + cpu: {{ .Values.master.resources.limits.cpu }} + volumeMounts: + - name: data + mountPath: /data/mariadb + - name: config + mountPath: /opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + + - name: mariadb-exporter + image: prom/mysqld-exporter:v0.15.1 + ports: + - containerPort: 2121 + name: 
metrics-port + env: + - name: MYSQLD_EXPORTER_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mariadb-secrets" + key: mariadb-root-password + args: + - "--mysqld.username=root" + - "--web.listen-address=:2121" + - "--log.level=debug" + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-master-mariadb-configmap" + volumeClaimTemplates: + - metadata: + name: data + labels: + app: "{{ template "mariadb.name" . }}" + component: "master" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + spec: + accessModes: [ReadWriteOnce] + resources: + requests: storage: {{ .Values.master.persistence.size}} \ No newline at end of file diff --git a/charts/mariadb/templates/master-svc.yaml b/charts/mariadb/templates/master-svc.yaml index 586ce687..fb1e0603 100644 --- a/charts/mariadb/templates/master-svc.yaml +++ b/charts/mariadb/templates/master-svc.yaml 
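Review bot: The `mariadb-exporter` sidecar is given `mariadb-root-password` together with `--mysqld.username=root`, so a metrics process holds full administrative credentials for the database, and it also runs with `--log.level=debug`. A dedicated monitoring account with only the privileges the exporter needs (its README lists PROCESS, REPLICATION CLIENT and SELECT) and its own secret key would limit the impact if the sidecar or its endpoint is compromised, with `- "--log.level=info"` for normal operation. In both probes `mysqladmin status -uroot -p$password_aux` puts the root password on the command line every 10 seconds and `cat $MARIADB_ROOT_PASSWORD_FILE` is unquoted; exporting the value as `MYSQL_PWD` inside the probe script and quoting the path avoids both. Neither container sets a container-level `securityContext`, and `allowPrivilegeEscalation: false` would be a cheap addition to each.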
@@ -1,23 +1,23 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "mariadb.fullname" . }} - labels: - app: "{{ template "mariadb.name" . }}" - component: "master" - chart: "{{ template "mariadb.chart" . }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - type: ClusterIP - ports: - - name: mysql - port: 3306 - targetPort: mysql - - name: metrics-port - port: 2121 - targetPort: metrics-port - selector: - app: "{{ template "mariadb.name" . }}" - component: "master" - release: "{{ .Release.Name }}" +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mariadb.fullname" . }} + labels: + app: "{{ template "mariadb.name" . }}" + component: "master" + chart: "{{ template "mariadb.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + ports: + - name: mysql + port: 3306 + targetPort: mysql + - name: metrics-port + port: 2121 + targetPort: metrics-port + selector: + app: "{{ template "mariadb.name" . }}" + component: "master" + release: "{{ .Release.Name }}" diff --git a/charts/mariadb/templates/secrets.yaml b/charts/mariadb/templates/secrets.yaml index 0de4f2ca..74c241d3 100644 --- a/charts/mariadb/templates/secrets.yaml +++ b/charts/mariadb/templates/secrets.yaml 
@@ -1,27 +1,27 @@ -{{- $secretName := printf "%s-mariadb-secrets" .Release.Name }} - -{{/* Generate a strong root password only if not already set */}} -{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} - -{{- $rootPassword := $generatedRootPassword }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: "{{ .Release.Name }}-mariadb-secrets" - labels: - app: "{{ template "mariadb.name" . }}" - chart: "{{ template "mariadb.chart" . }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -type: Opaque -data: - {{- if .Release.IsInstall }} - mariadb-root-password: {{ $rootPassword | b64enc }} - mariadb-replication-password: {{ $rootPassword | b64enc }} - {{- else }} - mariadb-root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "mariadb-root-password" }} - mariadb-replication-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "mariadb-replication-password" }} - {{- end }} +{{- $secretName := printf "%s-mariadb-secrets" .Release.Name }} + +{{/* Generate a strong root password only if not already set */}} +{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} + +{{- $rootPassword := $generatedRootPassword }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .Release.Name }}-mariadb-secrets" + labels: + app: "{{ template "mariadb.name" . }}" + chart: "{{ template "mariadb.chart" . 
}}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +type: Opaque +data: + {{- if .Release.IsInstall }} + mariadb-root-password: {{ $rootPassword | b64enc }} + mariadb-replication-password: {{ $rootPassword | b64enc }} + {{- else }} + mariadb-root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "mariadb-root-password" }} + mariadb-replication-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "mariadb-replication-password" }} + {{- end }} \ No newline at end of file diff --git a/charts/mariadb/templates/slave-configmap.yaml b/charts/mariadb/templates/slave-configmap.yaml index aafd4a6b..44ccacbd 100644 --- a/charts/mariadb/templates/slave-configmap.yaml +++ b/charts/mariadb/templates/slave-configmap.yaml 
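Review bot: The password built in `$generatedRootPassword` is only 12 characters in a fixed 4-letter/4-digit/4-uppercase layout, which falls short of the "strong" in the template comment, and the same value is written to both `mariadb-root-password` and `mariadb-replication-password`, so the `replicator` account shares the root credential. I would generate two independent, longer values, `{{- $rootPassword := randAlphaNum 32 }}` and `{{- $replicationPassword := randAlphaNum 32 }}`, and emit `mariadb-replication-password: {{ $replicationPassword | b64enc }}`. The `{{- else }}` branch also indexes `.data` on the result of `lookup` without a check; `lookup` returns an empty result under `helm template` or a dry run, so that branch presumably fails to render there and needs a guard or a fallback.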
@@ -1,35 +1,35 @@ -{{- if .Values.replication.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ .Release.Name }}-slave-mariadb-configmap" - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/component: slave -data: - my.cnf: |- - [mysqld] - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mariadb - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - tmpdir=/opt/bitnami/mariadb/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - log-error=/opt/bitnami/mariadb/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - - [client] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - default-character-set=UTF8 - - [manager] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - +{{- if .Values.replication.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Release.Name }}-slave-mariadb-configmap" + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: slave +data: + my.cnf: |- + [mysqld] + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mariadb + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + tmpdir=/opt/bitnami/mariadb/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + log-error=/opt/bitnami/mariadb/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + default-character-set=UTF8 + + [manager] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + {{- end}} \ No newline at end of file diff --git a/charts/mariadb/templates/slave-serviceMonitor.yaml b/charts/mariadb/templates/slave-serviceMonitor.yaml index d60ac69d..49c2ced0 100644 --- a/charts/mariadb/templates/slave-serviceMonitor.yaml 
+++ b/charts/mariadb/templates/slave-serviceMonitor.yaml @@ -1,16 +1,16 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ .Release.Name }}-mariadb-slave - labels: - release: prometheus -spec: - selector: - matchLabels: - app: "{{ template "mariadb.name" . }}" - component: "slave" - release: "{{ .Release.Name }}" - endpoints: - - port: metrics-port - interval: 30s +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-mariadb-slave + labels: + release: prometheus +spec: + selector: + matchLabels: + app: "{{ template "mariadb.name" . }}" + component: "slave" + release: "{{ .Release.Name }}" + endpoints: + - port: metrics-port + interval: 30s path: /metrics \ No newline at end of file diff --git a/charts/mariadb/templates/slave-statefulset.yaml b/charts/mariadb/templates/slave-statefulset.yaml index 6fadddc9..08ab6499 100644 --- a/charts/mariadb/templates/slave-statefulset.yaml +++ b/charts/mariadb/templates/slave-statefulset.yaml 
@@ -1,161 +1,161 @@ -{{- if .Values.replication.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "slave.fullname" . }} - labels: - app: {{ template "mariadb.name" . }} - chart: {{ template "mariadb.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: slave -spec: - selector: - matchLabels: - app: {{ template "mariadb.name" . }} - release: {{ .Release.Name }} - component: slave - serviceName: {{ template "slave.fullname" . }} - replicas: {{ .Values.slave.replicas }} - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: {{ template "mariadb.name" . }} - chart: {{ template "mariadb.chart" . }} - release: {{ .Release.Name }} - component: slave - spec: - securityContext: - fsGroup: 1001 - runAsUser: 1001 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app: {{ template "mariadb.name" . }} - release: {{ .Release.Name }} - containers: - - name: "mariadb" - image: {{ template "mariadb.image" . }} - imagePullPolicy: "IfNotPresent" - env: - - name: MARIADB_REPLICATION_MODE - value: "slave" - - name: MARIADB_MASTER_HOST - value: {{ template "mariadb.fullname" . 
}} - - name: MARIADB_MASTER_PORT_NUMBER - value: "3306" - - name: MARIADB_MASTER_ROOT_USER - value: "root" - - name: MARIADB_MASTER_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mariadb-secrets" - key: mariadb-root-password - - name: MARIADB_REPLICATION_USER - value: "replicator" - - name: MARIADB_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mariadb-secrets" - key: mariadb-replication-password - {{- if .Values.slave.extraEnvVars }} - {{- tpl (toYaml .Values.slave.extraEnvVars) $ | nindent 12 }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - livenessProbe: - exec: - command: - - sh - - -c - - | - password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" - if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then - password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE) - fi - mysqladmin status -uroot -p$password_aux - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - exec: - command: - - sh - - -c - - | - password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" - if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then - password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE) - fi - mysqladmin status -uroot -p$password_aux - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - {{- if .Values.slave.resources }} - resources: - requests: - memory: {{ .Values.slave.resources.requests.memory }} - cpu: {{ .Values.slave.resources.requests.cpu }} - limits: - memory: {{ .Values.slave.resources.limits.memory }} - cpu: {{ .Values.slave.resources.limits.cpu }} - {{- end }} - volumeMounts: - - name: data - mountPath: /data/mariadb - - name: config - mountPath: /opt/bitnami/mariadb/conf/my.cnf - subPath: my.cnf - - - name: mariadb-exporter - image: prom/mysqld-exporter:v0.15.1 - ports: - - name: metrics-port - containerPort: 2121 - env: - - name: MYSQLD_EXPORTER_PASSWORD - valueFrom: - 
secretKeyRef: - name: "{{ .Release.Name }}-mariadb-secrets" - key: mariadb-root-password - args: - - "--mysqld.username=root" - - "--web.listen-address=:2121" - - "--log.level=debug" - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "200m" - volumes: - - name: config - configMap: - name: "{{ .Release.Name }}-slave-mariadb-configmap" - volumeClaimTemplates: - - metadata: - name: data - labels: - app: "{{ template "mariadb.name" . }}" - component: "slave" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - spec: - accessModes: [ReadWriteOnce] - resources: - requests: - storage: {{ .Values.slave.persistence.size}} +{{- if .Values.replication.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "slave.fullname" . }} + labels: + app: {{ template "mariadb.name" . }} + chart: {{ template "mariadb.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: slave +spec: + selector: + matchLabels: + app: {{ template "mariadb.name" . }} + release: {{ .Release.Name }} + component: slave + serviceName: {{ template "slave.fullname" . }} + replicas: {{ .Values.slave.replicas }} + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: {{ template "mariadb.name" . }} + chart: {{ template "mariadb.chart" . }} + release: {{ .Release.Name }} + component: slave + spec: + securityContext: + fsGroup: 1001 + runAsUser: 1001 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app: {{ template "mariadb.name" . }} + release: {{ .Release.Name }} + containers: + - name: "mariadb" + image: {{ template "mariadb.image" . }} + imagePullPolicy: "IfNotPresent" + env: + - name: MARIADB_REPLICATION_MODE + value: "slave" + - name: MARIADB_MASTER_HOST + value: {{ template "mariadb.fullname" . 
}} + - name: MARIADB_MASTER_PORT_NUMBER + value: "3306" + - name: MARIADB_MASTER_ROOT_USER + value: "root" + - name: MARIADB_MASTER_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mariadb-secrets" + key: mariadb-root-password + - name: MARIADB_REPLICATION_USER + value: "replicator" + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mariadb-secrets" + key: mariadb-replication-password + {{- if .Values.slave.extraEnvVars }} + {{- tpl (toYaml .Values.slave.extraEnvVars) $ | nindent 12 }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + livenessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" + if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" + if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + {{- if .Values.slave.resources }} + resources: + requests: + memory: {{ .Values.slave.resources.requests.memory }} + cpu: {{ .Values.slave.resources.requests.cpu }} + limits: + memory: {{ .Values.slave.resources.limits.memory }} + cpu: {{ .Values.slave.resources.limits.cpu }} + {{- end }} + volumeMounts: + - name: data + mountPath: /data/mariadb + - name: config + mountPath: /opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + + - name: mariadb-exporter + image: prom/mysqld-exporter:v0.15.1 + ports: + - name: metrics-port + containerPort: 2121 + env: + - name: MYSQLD_EXPORTER_PASSWORD + valueFrom: + 
secretKeyRef: + name: "{{ .Release.Name }}-mariadb-secrets" + key: mariadb-root-password + args: + - "--mysqld.username=root" + - "--web.listen-address=:2121" + - "--log.level=debug" + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-slave-mariadb-configmap" + volumeClaimTemplates: + - metadata: + name: data + labels: + app: "{{ template "mariadb.name" . }}" + component: "slave" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + spec: + accessModes: [ReadWriteOnce] + resources: + requests: + storage: {{ .Values.slave.persistence.size}} {{- end }} \ No newline at end of file diff --git a/charts/mariadb/templates/slave-svc.yaml b/charts/mariadb/templates/slave-svc.yaml index 158094f4..8184a7da 100644 --- a/charts/mariadb/templates/slave-svc.yaml +++ b/charts/mariadb/templates/slave-svc.yaml 
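Review bot: Both probe scripts end in `mysqladmin status -uroot -p$password_aux`, which places the root password in the command's argument list, where it can be visible in the container's process list while the probe runs; the unquoted `$password_aux` and `$MARIADB_MASTER_ROOT_PASSWORD_FILE` expansions are also subject to shell word splitting. Handing the password over through the environment keeps it out of argv, e.g. `MYSQL_PWD="$password_aux" mysqladmin status -uroot`, with the file read as `cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE"`. The `mariadb-exporter` sidecar additionally connects with `--mysqld.username=root` and runs with `--log.level=debug`; a dedicated low-privilege monitoring account and the default log level would be the safer setting for a chart default. The same probe and exporter lines appear in master-statefulset.yaml, whose hunk starts outside this view.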
@@ -1,23 +1,23 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "slave.fullname" . }} - labels: - app: "{{ template "mariadb.name" . }}" - chart: "{{ template "mariadb.chart" . }}" - component: "slave" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - type: ClusterIP - ports: - - name: mysql - port: 3306 - targetPort: mysql - - name: metrics-port - port: 2121 - targetPort: metrics-port - selector: - app: "{{ template "mariadb.name" . }}" - component: "slave" - release: "{{ .Release.Name }}" +apiVersion: v1 +kind: Service +metadata: + name: {{ template "slave.fullname" . }} + labels: + app: "{{ template "mariadb.name" . }}" + chart: "{{ template "mariadb.chart" . }}" + component: "slave" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + ports: + - name: mysql + port: 3306 + targetPort: mysql + - name: metrics-port + port: 2121 + targetPort: metrics-port + selector: + app: "{{ template "mariadb.name" . }}" + component: "slave" + release: "{{ .Release.Name }}" diff --git a/charts/mariadb/values.schema.json b/charts/mariadb/values.schema.json index f2024e0d..25edb4b7 100644 --- a/charts/mariadb/values.schema.json +++ b/charts/mariadb/values.schema.json 
@@ -1,165 +1,165 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "title": "MariaDB Helm Chart Values", - "description": "Configuration values for MariaDB Helm chart", - "properties": { - "version": { - "type": "string", - "description": "MariaDB version to deploy", - "default": "10.3.22-debian-10-r27", - "mutable": true - }, - "replication": { - "type": "object", - "description": "Replication configuration", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable MariaDB replication", - "default": true, - "mutable": true - } - } - }, - "master": { - "type": "object", - "description": "Master node configuration", - "properties": { - "resources": { - "type": "object", - "description": "Resource requests and limits for master pod", - "properties": { - "requests": { - "type": "object", - "description": "Resource requests", - "properties": { - "cpu": { - "type": "string", - "description": "CPU request for master pod", - "pattern": "^[0-9]+m?$", - "default": "500m", - "mutable": true - }, - "memory": { - "type": "string", - "description": "Memory request for master pod", - "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", - "default": "256M", - "mutable": true - } - } - }, - "limits": { - "type": "object", - "description": "Resource limits", - "properties": { - "cpu": { - "type": "string", - "description": "CPU limit for master pod", - "pattern": "^[0-9]+m?$", - "default": "1500m", - "mutable": true - }, - "memory": { - "type": "string", - "description": "Memory limit for master pod", - "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", - "default": "1Gi", - "mutable": true - } - } - } - } - }, - "persistence": { - "type": "object", - "description": "Persistence configuration for master", - "properties": { - "size": { - "type": "string", - "description": "Size of the persistent volume for master", - "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", - "default": "10Gi", - "mutable": true, - "editDisabled": true - } - } - } - } - }, - 
"slave": { - "type": "object", - "description": "Slave node configuration", - "properties": { - "replicas": { - "type": "integer", - "description": "Number of slave replicas", - "minimum": 1, - "default": 1, - "mutable": true - }, - "resources": { - "type": "object", - "description": "Resource requests and limits for slave pods", - "properties": { - "requests": { - "type": "object", - "description": "Resource requests", - "properties": { - "cpu": { - "type": "string", - "description": "CPU request for slave pod", - "pattern": "^[0-9]+m?$", - "default": "500m", - "mutable": true - }, - "memory": { - "type": "string", - "description": "Memory request for slave pod", - "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", - "default": "256M", - "mutable": true - } - } - }, - "limits": { - "type": "object", - "description": "Resource limits", - "properties": { - "cpu": { - "type": "string", - "description": "CPU limit for slave pod", - "pattern": "^[0-9]+m?$", - "default": "1500m", - "mutable": true - }, - "memory": { - "type": "string", - "description": "Memory limit for slave pod", - "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", - "default": "1Gi", - "mutable": true - } - } - } - } - }, - "persistence": { - "type": "object", - "description": "Persistence configuration for slave", - "properties": { - "size": { - "type": "string", - "description": "Size of the persistent volume for slave", - "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", - "default": "10Gi", - "mutable": true, - "editDisabled": true - } - } - } - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "title": "MariaDB Helm Chart Values", + "description": "Configuration values for MariaDB Helm chart", + "properties": { + "version": { + "type": "string", + "description": "MariaDB version to deploy", + "default": "10.3.22-debian-10-r27", + "mutable": true + }, + "replication": { + "type": "object", + "description": "Replication configuration", + "properties": { + "enabled": { + "type": 
"boolean", + "description": "Enable MariaDB replication", + "default": true, + "mutable": true + } + } + }, + "master": { + "type": "object", + "description": "Master node configuration", + "properties": { + "resources": { + "type": "object", + "description": "Resource requests and limits for master pod", + "properties": { + "requests": { + "type": "object", + "description": "Resource requests", + "properties": { + "cpu": { + "type": "string", + "description": "CPU request for master pod", + "pattern": "^[0-9]+m?$", + "default": "500m", + "mutable": true + }, + "memory": { + "type": "string", + "description": "Memory request for master pod", + "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", + "default": "256M", + "mutable": true + } + } + }, + "limits": { + "type": "object", + "description": "Resource limits", + "properties": { + "cpu": { + "type": "string", + "description": "CPU limit for master pod", + "pattern": "^[0-9]+m?$", + "default": "1500m", + "mutable": true + }, + "memory": { + "type": "string", + "description": "Memory limit for master pod", + "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", + "default": "1Gi", + "mutable": true + } + } + } + } + }, + "persistence": { + "type": "object", + "description": "Persistence configuration for master", + "properties": { + "size": { + "type": "string", + "description": "Size of the persistent volume for master", + "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", + "default": "10Gi", + "mutable": true, + "editDisabled": true + } + } + } + } + }, + "slave": { + "type": "object", + "description": "Slave node configuration", + "properties": { + "replicas": { + "type": "integer", + "description": "Number of slave replicas", + "minimum": 1, + "default": 1, + "mutable": true + }, + "resources": { + "type": "object", + "description": "Resource requests and limits for slave pods", + "properties": { + "requests": { + "type": "object", + "description": "Resource requests", + "properties": { + "cpu": { + "type": "string", + "description": 
"CPU request for slave pod", + "pattern": "^[0-9]+m?$", + "default": "500m", + "mutable": true + }, + "memory": { + "type": "string", + "description": "Memory request for slave pod", + "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", + "default": "256M", + "mutable": true + } + } + }, + "limits": { + "type": "object", + "description": "Resource limits", + "properties": { + "cpu": { + "type": "string", + "description": "CPU limit for slave pod", + "pattern": "^[0-9]+m?$", + "default": "1500m", + "mutable": true + }, + "memory": { + "type": "string", + "description": "Memory limit for slave pod", + "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", + "default": "1Gi", + "mutable": true + } + } + } + } + }, + "persistence": { + "type": "object", + "description": "Persistence configuration for slave", + "properties": { + "size": { + "type": "string", + "description": "Size of the persistent volume for slave", + "pattern": "^[0-9]+[KMGTPEZYkmgtpezy]i?$", + "default": "10Gi", + "mutable": true, + "editDisabled": true + } + } + } + } + } + } } \ No newline at end of file diff --git a/charts/mariadb/values.yaml b/charts/mariadb/values.yaml index c47a4b23..5cd69528 100644 --- a/charts/mariadb/values.yaml +++ b/charts/mariadb/values.yaml @@ -1,29 +1,29 @@ -version: 10.3.22-debian-10-r27 - -replication: - enabled: true - -master: - resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" - memory: "1Gi" - persistence: - size: 10Gi - -slave: - replicas: 1 - - resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" - memory: "1Gi" - - persistence: - size: 10Gi +version: 10.3.22-debian-10-r27 + +replication: + enabled: true + +master: + resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" + memory: "1Gi" + persistence: + size: 10Gi + +slave: + replicas: 1 + + resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" + memory: "1Gi" + + persistence: + size: 10Gi 
diff --git a/charts/mysql/Chart.yaml b/charts/mysql/Chart.yaml index 25a253ce..18f29a1c 100644 --- a/charts/mysql/Chart.yaml +++ b/charts/mysql/Chart.yaml @@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for deploying mysql datastore -name: mysql -version: 0.0.16 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for deploying mysql datastore +name: mysql +version: 0.0.16 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/mysql/Readme.md b/charts/mysql/Readme.md index 2c794109..5b13f668 100644 --- a/charts/mysql/Readme.md +++ b/charts/mysql/Readme.md 
@@ -1,165 +1,165 @@ -# MySQL Helm Chart - -The MySQL Helm chart provides an easy way to deploy and manage MySQL instances in your Kubernetes environment. This chart includes configurations for persistence, resource management, and scalability to suit various use cases. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - -## Add Helm Repository - -Before installing the MySQL chart, add the repository to your Helm installation and update the repository index: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -See [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more details. - ---- - -## Install Helm Chart - -To install the MySQL Helm chart, run the following command: - -```bash -helm install [RELEASE_NAME] zopdev/mysql -``` - -Replace `[RELEASE_NAME]` with your desired release name. - -For example: - -```bash -helm install my-mysql zopdev/mysql -``` - -You can customize the installation by providing a custom `values.yaml` file or overriding values via the command line. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To uninstall the MySQL Helm chart and remove all associated Kubernetes resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-mysql -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The following table describes the configurable parameters of the MySQL Helm chart and their default values: - -| **Input** | **Type** | **Description** | **Default** | -|-------------------------|-----------|--------------------------------------------------------------------------------------------------|-----------------------| -| `mysqlRootPassword` | `string` | Root password for the MySQL instance. Leave unset for default random generation. 
| _None_ | -| `updateStrategy.type` | `string` | Update strategy for the deployment. Options: `RollingUpdate` or `Recreate`. | `RollingUpdate` | -| `diskSize` | `string` | Size of the persistent volume claim (PVC) for storing MySQL data. | `"10Gi"` | -| `image` | `string` | Docker image and tag for the MySQL container. | `mysql:8.0` | -| `resources.requests.cpu`| `string` | Minimum CPU resources required by the MySQL container. | `"500m"` | -| `resources.requests.memory`| `string`| Minimum memory resources required by the MySQL container. | `"256M"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the MySQL container can use. | `"1500m"` | -| `resources.limits.memory`| `string` | Maximum memory resources the MySQL container can use. | `"1Gi"` | -| `customMyCnf` | `string` | Custom MySQL configuration to be layered on top of the default config. Provided as a full INI file. | `""` | - -You can override these values in your `values.yaml` file or pass them as flags when installing the chart. - -### Example `values.yaml` File - -```yaml -diskSize: "10Gi" - -# Resource configuration -resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" - memory: "1024M" - -version: "8.0" - -customMyCnf: "" -``` - -To use this configuration, save it in a `values.yaml` file and pass it to the Helm install command: - -```bash -helm install my-mysql zopdev/mysql -f values.yaml -``` - -### Example: Providing Custom MySQL Configuration - -To override or add to the default MySQL configuration, provide your own `my.cnf` content using the `customMyCnf` value. This will be mounted as `/etc/mysql/conf.d/custom.cnf` in the container and layered on top of the default config. - -Example `values.yaml`: - -```yaml -customMyCnf: | - [mysqld] - max_connections = 200 - sql_mode = STRICT_ALL_TABLES -``` - -This allows you to specify any MySQL configuration options you need, without losing the chart's defaults. 
- ---- - -## Features - -- **Persistence:** The chart supports persistent volume claims to store MySQL data across pod restarts. -- **Customizable Resources:** Define resource requests and limits to optimize performance and manage costs. -- **Scalable:** Use the `updateStrategy` configuration to handle updates with zero downtime. -- **Pre-configured Settings:** Defaults are optimized for a variety of workloads. - ---- - -## Advanced Usage - -### Custom Secrets for Root Password - -You can provide a pre-existing Kubernetes secret for the MySQL root password. To enable this, modify the `values.yaml` file with the secret name: - -```yaml -mysqlRootPassword: - secretName: my-mysql-secret -``` - -Ensure the secret is created before deploying the chart: - -```bash -kubectl create secret generic my-mysql-secret --from-literal=mysql-root-password=my-secure-password -``` - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for guidelines. - ---- - -## Code of Conduct - -To ensure a respectful and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# MySQL Helm Chart + +The MySQL Helm chart provides an easy way to deploy and manage MySQL instances in your Kubernetes environment. This chart includes configurations for persistence, resource management, and scalability to suit various use cases. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +## Add Helm Repository + +Before installing the MySQL chart, add the repository to your Helm installation and update the repository index: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +See [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more details. 
+ +--- + +## Install Helm Chart + +To install the MySQL Helm chart, run the following command: + +```bash +helm install [RELEASE_NAME] zopdev/mysql +``` + +Replace `[RELEASE_NAME]` with your desired release name. + +For example: + +```bash +helm install my-mysql zopdev/mysql +``` + +You can customize the installation by providing a custom `values.yaml` file or overriding values via the command line. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To uninstall the MySQL Helm chart and remove all associated Kubernetes resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-mysql +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The following table describes the configurable parameters of the MySQL Helm chart and their default values: + +| **Input** | **Type** | **Description** | **Default** | +|-------------------------|-----------|--------------------------------------------------------------------------------------------------|-----------------------| +| `mysqlRootPassword` | `string` | Root password for the MySQL instance. Leave unset for default random generation. | _None_ | +| `updateStrategy.type` | `string` | Update strategy for the deployment. Options: `RollingUpdate` or `Recreate`. | `RollingUpdate` | +| `diskSize` | `string` | Size of the persistent volume claim (PVC) for storing MySQL data. | `"10Gi"` | +| `image` | `string` | Docker image and tag for the MySQL container. | `mysql:8.0` | +| `resources.requests.cpu`| `string` | Minimum CPU resources required by the MySQL container. | `"500m"` | +| `resources.requests.memory`| `string`| Minimum memory resources required by the MySQL container. | `"256M"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the MySQL container can use. 
| `"1500m"` | +| `resources.limits.memory`| `string` | Maximum memory resources the MySQL container can use. | `"1Gi"` | +| `customMyCnf` | `string` | Custom MySQL configuration to be layered on top of the default config. Provided as a full INI file. | `""` | + +You can override these values in your `values.yaml` file or pass them as flags when installing the chart. + +### Example `values.yaml` File + +```yaml +diskSize: "10Gi" + +# Resource configuration +resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" + memory: "1024M" + +version: "8.0" + +customMyCnf: "" +``` + +To use this configuration, save it in a `values.yaml` file and pass it to the Helm install command: + +```bash +helm install my-mysql zopdev/mysql -f values.yaml +``` + +### Example: Providing Custom MySQL Configuration + +To override or add to the default MySQL configuration, provide your own `my.cnf` content using the `customMyCnf` value. This will be mounted as `/etc/mysql/conf.d/custom.cnf` in the container and layered on top of the default config. + +Example `values.yaml`: + +```yaml +customMyCnf: | + [mysqld] + max_connections = 200 + sql_mode = STRICT_ALL_TABLES +``` + +This allows you to specify any MySQL configuration options you need, without losing the chart's defaults. + +--- + +## Features + +- **Persistence:** The chart supports persistent volume claims to store MySQL data across pod restarts. +- **Customizable Resources:** Define resource requests and limits to optimize performance and manage costs. +- **Scalable:** Use the `updateStrategy` configuration to handle updates with zero downtime. +- **Pre-configured Settings:** Defaults are optimized for a variety of workloads. + +--- + +## Advanced Usage + +### Custom Secrets for Root Password + +You can provide a pre-existing Kubernetes secret for the MySQL root password. 
To enable this, modify the `values.yaml` file with the secret name: + +```yaml +mysqlRootPassword: + secretName: my-mysql-secret +``` + +Ensure the secret is created before deploying the chart: + +```bash +kubectl create secret generic my-mysql-secret --from-literal=mysql-root-password=my-secure-password +``` + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for guidelines. + +--- + +## Code of Conduct + +To ensure a respectful and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/mysql/templates/_helpers.tpl b/charts/mysql/templates/_helpers.tpl index bdff99d3..48d73e03 100644 --- a/charts/mysql/templates/_helpers.tpl +++ b/charts/mysql/templates/_helpers.tpl @@ -1,3 +1,3 @@ -{{- define "mysql.fullname" -}} -{{- printf "%s-mysql" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- define "mysql.fullname" -}} +{{- printf "%s-mysql" .Release.Name | trunc 63 | trimSuffix "-" -}} {{- end -}} \ No newline at end of file diff --git a/charts/mysql/templates/alerts.yaml b/charts/mysql/templates/alerts.yaml index 4ca437c2..d5af6303 100644 --- a/charts/mysql/templates/alerts.yaml +++ b/charts/mysql/templates/alerts.yaml 
@@ -1,89 +1,89 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Release.Name }}-mysql.rules - rules: - - alert: MysqlDown - expr: mysql_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} == 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'All MySQL instances of {{ .Release.Name }} are down' - description: 'MySQL instance of {{ .Release.Name }} are down' - - - alert: MysqlTooManyConnections - expr: | - max_over_time(mysql_global_status_threads_connected{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) - / mysql_global_variables_max_connections{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} * 100 > 80 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MySQL instance {{ .Release.Name }} has too many connections' - description: 'More than 80% of MySQL connections of {{ .Release.Name }} are in use' - - - alert: MysqlHighPreparedStatementsUtilization - expr: | - max_over_time(mysql_global_status_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) - / mysql_global_variables_max_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} * 100 > 80 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MySQL instance {{ .Release.Name }} high prepared statements utilization' - description: 'MySQL instance {{ .Release.Name }} has 
high utilization of prepared statements' - - - alert: MysqlSlowQueries - expr: increase(mysql_global_status_slow_queries{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) > 0 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MySQL instance {{ .Release.Name }} slow queries' - description: 'MySQL instance {{ .Release.Name }} has new slow queries' - - - alert: MysqlRestarted - expr: mysql_global_status_uptime{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} < 60 - for: 0m - labels: - severity: info - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MySQL instance {{ .Release.Name }} restarted' - description: 'MySQL instance {{ .Release.Name }} restarted < 1 minute ago' - - - alert: MysqlHighQps - expr: irate(mysql_global_status_questions{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) > 10000 - for: 2m - labels: - severity: info - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'MySQL instance {{ .Release.Name }} has High QPS' - description: 'MySQL instance {{ .Release.Name }} is experiencing high QPS (> 10k)' +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus +spec: + groups: + - name: {{ .Release.Namespace }}.{{ .Release.Name }}-mysql.rules + rules: + - alert: MysqlDown + expr: mysql_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} == 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'All MySQL instances of {{ 
.Release.Name }} are down' + description: 'MySQL instance of {{ .Release.Name }} are down' + + - alert: MysqlTooManyConnections + expr: | + max_over_time(mysql_global_status_threads_connected{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) + / mysql_global_variables_max_connections{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} * 100 > 80 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MySQL instance {{ .Release.Name }} has too many connections' + description: 'More than 80% of MySQL connections of {{ .Release.Name }} are in use' + + - alert: MysqlHighPreparedStatementsUtilization + expr: | + max_over_time(mysql_global_status_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) + / mysql_global_variables_max_prepared_stmt_count{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} * 100 > 80 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MySQL instance {{ .Release.Name }} high prepared statements utilization' + description: 'MySQL instance {{ .Release.Name }} has high utilization of prepared statements' + + - alert: MysqlSlowQueries + expr: increase(mysql_global_status_slow_queries{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) > 0 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MySQL instance {{ .Release.Name }} slow queries' + description: 'MySQL instance {{ .Release.Name }} has new slow queries' + + - alert: MysqlRestarted + expr: mysql_global_status_uptime{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"} < 60 + for: 0m + 
labels: + severity: info + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MySQL instance {{ .Release.Name }} restarted' + description: 'MySQL instance {{ .Release.Name }} restarted < 1 minute ago' + + - alert: MysqlHighQps + expr: irate(mysql_global_status_questions{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-mysql-.*"}[1m]) > 10000 + for: 2m + labels: + severity: info + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'MySQL instance {{ .Release.Name }} has High QPS' + description: 'MySQL instance {{ .Release.Name }} is experiencing high QPS (> 10k)' diff --git a/charts/mysql/templates/custom-mycnf-configmap.yaml b/charts/mysql/templates/custom-mycnf-configmap.yaml index cdc1f8d8..a85f9d2f 100644 --- a/charts/mysql/templates/custom-mycnf-configmap.yaml +++ b/charts/mysql/templates/custom-mycnf-configmap.yaml @@ -1,9 +1,9 @@ -{{- if .Values.customMyCnf }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mysql.fullname" . }}-custom-mycnf -data: - custom.cnf: |- - {{ .Values.customMyCnf | nindent 4 }} +{{- if .Values.customMyCnf }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mysql.fullname" . }}-custom-mycnf +data: + custom.cnf: |- + {{ .Values.customMyCnf | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/charts/mysql/templates/database-pod.yaml b/charts/mysql/templates/database-pod.yaml index fcb8afad..06985006 100644 --- a/charts/mysql/templates/database-pod.yaml +++ b/charts/mysql/templates/database-pod.yaml 
@@ -1,29 +1,29 @@
-{{- range $index, $service := .Values.services }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: mysql-init-{{ $.Release.Name }}-{{ $service.name }}
- namespace: {{ $.Release.Namespace }}
-spec:
- containers:
- - name: mysql-init-role
- image: imega/mysql-client
- command: ["mysql"]
- args:
- ["-h", "{{ $.Release.Name }}-mysql", "-u", "root", "-p$(ROOTPASSWORD)", "-e", "source /etc/config/db-init.sql"]
- env:
- - name: ROOTPASSWORD
- valueFrom:
- secretKeyRef:
- name: {{$.Release.Name}}-mysql-root-secret
- key: root-password
- volumeMounts:
- - name: secret-volume
- mountPath: /etc/config
- volumes:
- - name: secret-volume
- configMap:
- name: {{$.Release.Name}}-{{ .name }}-init-script
- restartPolicy: OnFailure
----
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mysql-init-{{ $.Release.Name }}-{{ $service.name }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ containers:
+ - name: mysql-init-role
+ image: imega/mysql-client
+ command: ["mysql"]
+ args:
+ ["-h", "{{ $.Release.Name }}-mysql", "-u", "root", "-p$(ROOTPASSWORD)", "-e", "source /etc/config/db-init.sql"]
+ env:
+ - name: ROOTPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{$.Release.Name}}-mysql-root-secret
+ key: root-password
+ volumeMounts:
+ - name: secret-volume
+ mountPath: /etc/config
+ volumes:
+ - name: secret-volume
+ configMap:
+ name: {{$.Release.Name}}-{{ .name }}-init-script
+ restartPolicy: OnFailure
+---
 {{- end }}
\ No newline at end of file
diff --git a/charts/mysql/templates/init-script-config-map.yaml b/charts/mysql/templates/init-script-config-map.yaml
index f7749f62..e376db5a 100644
--- a/charts/mysql/templates/init-script-config-map.yaml
+++ b/charts/mysql/templates/init-script-config-map.yaml
@@ -1,66 +1,66 @@ -{{- range $index, $service := .Values.services }} -{{- $maxLen := 27 }} -{{- $randomSuffix := randAlphaNum 4 | lower }} -{{- $trimmedName := trunc $maxLen $service.name }} -{{- $generatedUsername := printf "%s-%s" $trimmedName $randomSuffix }} -{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} - -{{/* Define Secret Name */}} -{{- $secretName := printf "%s-%s-%s-mysql-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }} - -{{/* Retrieve existing secret (if any) */}} -{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }} - -{{/* Use existing values if available, otherwise generate new ones */}} -{{- $username := $generatedUsername }} -{{- $password := $generatedPassword }} - -{{- if $existingSecret }} - {{- with $existingSecret.data }} - {{- if hasKey . "DB_USER" }} - {{- $username = index . "DB_USER" | b64dec }} - {{- end }} - {{- if hasKey . "DB_PASSWORD" }} - {{- $password = index . 
"DB_PASSWORD" | b64dec }} - {{- end }} - {{- end }} -{{- end }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-mysql-configmap - namespace: {{ $.Release.Namespace }} -data: - DB_DIALECT: "mysql" - DB_USER: "{{ $username }}" - DB_PORT: "3306" - DB_NAME: "{{ $service.database }}" - DB_HOST: "{{ $.Release.Name }}-mysql" ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: - DB_PASSWORD: {{ $password | b64enc }} - DB_USER: {{ $username | b64enc }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-{{ $service.name }}-init-script - namespace: {{ $.Release.Namespace }} -data: - db-init.sql: | - CREATE DATABASE IF NOT EXISTS `{{ $service.database }}`; - USE `{{ $service.database }}`; - - CREATE USER IF NOT EXISTS '{{ $username }}'@'%' IDENTIFIED BY '{{ $password }}'; - - GRANT CREATE, ALTER, USAGE ON `{{ $service.database }}`.* TO '{{ $username }}'@'%'; - GRANT INSERT, INDEX, REFERENCES, SELECT, UPDATE, DELETE, DROP ON `{{ $service.database }}`.* TO '{{ $username }}'@'%'; +{{- range $index, $service := .Values.services }} +{{- $maxLen := 27 }} +{{- $randomSuffix := randAlphaNum 4 | lower }} +{{- $trimmedName := trunc $maxLen $service.name }} +{{- $generatedUsername := printf "%s-%s" $trimmedName $randomSuffix }} +{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} + +{{/* Define Secret Name */}} +{{- $secretName := printf "%s-%s-%s-mysql-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }} + +{{/* Retrieve existing secret (if any) */}} +{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }} + +{{/* Use existing values if available, otherwise generate new ones */}} +{{- $username := $generatedUsername }} +{{- $password := $generatedPassword }} + +{{- if $existingSecret }} + {{- 
with $existingSecret.data }} + {{- if hasKey . "DB_USER" }} + {{- $username = index . "DB_USER" | b64dec }} + {{- end }} + {{- if hasKey . "DB_PASSWORD" }} + {{- $password = index . "DB_PASSWORD" | b64dec }} + {{- end }} + {{- end }} +{{- end }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-mysql-configmap + namespace: {{ $.Release.Namespace }} +data: + DB_DIALECT: "mysql" + DB_USER: "{{ $username }}" + DB_PORT: "3306" + DB_NAME: "{{ $service.database }}" + DB_HOST: "{{ $.Release.Name }}-mysql" +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ $.Release.Namespace }} +type: Opaque +data: + DB_PASSWORD: {{ $password | b64enc }} + DB_USER: {{ $username | b64enc }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-{{ $service.name }}-init-script + namespace: {{ $.Release.Namespace }} +data: + db-init.sql: | + CREATE DATABASE IF NOT EXISTS `{{ $service.database }}`; + USE `{{ $service.database }}`; + + CREATE USER IF NOT EXISTS '{{ $username }}'@'%' IDENTIFIED BY '{{ $password }}'; + + GRANT CREATE, ALTER, USAGE ON `{{ $service.database }}`.* TO '{{ $username }}'@'%'; + GRANT INSERT, INDEX, REFERENCES, SELECT, UPDATE, DELETE, DROP ON `{{ $service.database }}`.* TO '{{ $username }}'@'%'; {{- end }} \ No newline at end of file diff --git a/charts/mysql/templates/secret.yaml b/charts/mysql/templates/secret.yaml index 0f5bceb5..6b72ae7d 100644 --- a/charts/mysql/templates/secret.yaml +++ b/charts/mysql/templates/secret.yaml 
@@ -1,20 +1,20 @@
-{{- $secretName := printf "%s-mysql-root-secret" .Release.Name }}
-
-{{/* Generate a strong root password only if not already set */}}
-{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }}
-
-{{- $rootPassword := $generatedRootPassword }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
- namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
- {{- if .Release.IsInstall }}
- root-password: {{ $rootPassword | b64enc }}
- {{ else }}
- root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "root-password" }}
+{{- $secretName := printf "%s-mysql-root-secret" .Release.Name }}
+
+{{/* Generate a strong root password only if not already set */}}
+{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }}
+
+{{- $rootPassword := $generatedRootPassword }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ {{- if .Release.IsInstall }}
+ root-password: {{ $rootPassword | b64enc }}
+ {{ else }}
+ root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "root-password" }}
 {{ end }}
\ No newline at end of file
diff --git a/charts/mysql/templates/service.yaml b/charts/mysql/templates/service.yaml
index 5bea8c76..4f894b62 100644
--- a/charts/mysql/templates/service.yaml
+++ b/charts/mysql/templates/service.yaml
@@ -1,19 +1,19 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-mysql
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Release.Name }}-mysql
-spec:
- ports:
- - port: 3306
- targetPort: 3306
- protocol: TCP
- name: mysql
- - port: 2121
- targetPort: 2121
- name: metrics-port
- selector:
- app: {{ .Release.Name }}-mysql
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-mysql
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}-mysql
+spec:
+ ports:
+ - port: 3306
+ targetPort: 3306
+ protocol: TCP
+ name: mysql
+ - port: 2121
+ targetPort: 2121
+ name: metrics-port
+ selector:
+ app: {{ .Release.Name }}-mysql
 type: NodePort
\ No newline at end of file
diff --git a/charts/mysql/templates/serviceMonitor.yaml b/charts/mysql/templates/serviceMonitor.yaml
index 108cf333..4cf734f7 100644
--- a/charts/mysql/templates/serviceMonitor.yaml
+++ b/charts/mysql/templates/serviceMonitor.yaml
@@ -1,15 +1,15 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ .Release.Name }}-mysql
- labels:
- app: {{ .Release.Name }}-mysql
- release: prometheus
-spec:
- selector:
- matchLabels:
- app: {{ .Release.Name }}-mysql
- endpoints:
- - port: metrics-port
- interval: 30s
- path: /metrics
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ .Release.Name }}-mysql
+ labels:
+ app: {{ .Release.Name }}-mysql
+ release: prometheus
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-mysql
+ endpoints:
+ - port: metrics-port
+ interval: 30s
+ path: /metrics
diff --git a/charts/mysql/templates/statefulset.yaml b/charts/mysql/templates/statefulset.yaml
index a124250d..36db4494 100644
--- a/charts/mysql/templates/statefulset.yaml
+++ b/charts/mysql/templates/statefulset.yaml
@@ -1,99 +1,99 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ .Release.Name }}-mysql - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/part-of: mysql - app: {{ .Release.Name }}-mysql -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/part-of: mysql - app: {{ .Release.Name }}-mysql - serviceName: "{{ .Release.Name }}-mysql" - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/part-of: mysql - app: {{ .Release.Name }}-mysql - spec: - containers: - - name: mysql - image: mysql:{{ .Values.version }} - args: - - "--default-authentication-plugin=mysql_native_password" - resources: - requests: - memory: {{ .Values.resources.requests.memory }} - cpu: {{ .Values.resources.requests.cpu}} - limits: - memory: {{ .Values.resources.limits.memory }} - cpu: {{ .Values.resources.limits.cpu }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mysql-root-secret - key: root-password - - name: MYSQL_DEFAULT_AUTH - value: mysql_native_password - ports: - - containerPort: 3306 - livenessProbe: - exec: - command: - - "/bin/sh" - - "-c" - - "mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD" - initialDelaySeconds: 30 - periodSeconds: 10 - readinessProbe: - exec: - command: - - "/bin/sh" - - "-c" - - "mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD" - initialDelaySeconds: 5 - periodSeconds: 10 - volumeMounts: - - name: {{.Release.Name }}-mysql-persistent-storage - mountPath: /var/lib/mysql -{{- if .Values.customMyCnf }} - - name: custom-mycnf - mountPath: /etc/mysql/conf.d/custom.cnf - subPath: custom.cnf -{{- end }} - - name: mysql-exporter - image: prom/mysqld-exporter:v0.15.1 - ports: - - containerPort: 2121 - name: metrics - env: - - name: MYSQLD_EXPORTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mysql-root-secret - key: root-password - args: - - "--mysqld.username=root" - - "--web.listen-address=:2121" - - "--log.level=debug" -{{- 
if .Values.customMyCnf }} - volumes: - - name: custom-mycnf - configMap: - name: {{ include "mysql.fullname" . }}-custom-mycnf -{{- end }} - volumeClaimTemplates: - - metadata: - name: {{.Release.Name }}-mysql-persistent-storage - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.diskSize }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Release.Name }}-mysql + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/part-of: mysql + app: {{ .Release.Name }}-mysql +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/part-of: mysql + app: {{ .Release.Name }}-mysql + serviceName: "{{ .Release.Name }}-mysql" + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/part-of: mysql + app: {{ .Release.Name }}-mysql + spec: + containers: + - name: mysql + image: mysql:{{ .Values.version }} + args: + - "--default-authentication-plugin=mysql_native_password" + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu}} + limits: + memory: {{ .Values.resources.limits.memory }} + cpu: {{ .Values.resources.limits.cpu }} + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mysql-root-secret + key: root-password + - name: MYSQL_DEFAULT_AUTH + value: mysql_native_password + ports: + - containerPort: 3306 + livenessProbe: + exec: + command: + - "/bin/sh" + - "-c" + - "mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD" + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + exec: + command: + - "/bin/sh" + - "-c" + - "mysqladmin ping -u root -p$MYSQL_ROOT_PASSWORD" + initialDelaySeconds: 5 + periodSeconds: 10 + volumeMounts: + - name: {{.Release.Name }}-mysql-persistent-storage + mountPath: /var/lib/mysql +{{- if .Values.customMyCnf }} + - name: custom-mycnf + mountPath: /etc/mysql/conf.d/custom.cnf + subPath: custom.cnf +{{- end }} + - name: mysql-exporter + image: 
prom/mysqld-exporter:v0.15.1 + ports: + - containerPort: 2121 + name: metrics + env: + - name: MYSQLD_EXPORTER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mysql-root-secret + key: root-password + args: + - "--mysqld.username=root" + - "--web.listen-address=:2121" + - "--log.level=debug" +{{- if .Values.customMyCnf }} + volumes: + - name: custom-mycnf + configMap: + name: {{ include "mysql.fullname" . }}-custom-mycnf +{{- end }} + volumeClaimTemplates: + - metadata: + name: {{.Release.Name }}-mysql-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.diskSize }} diff --git a/charts/mysql/values.schema.json b/charts/mysql/values.schema.json index 78809aa0..d9abf5dc 100644 --- a/charts/mysql/values.schema.json +++ b/charts/mysql/values.schema.json 
@@ -1,71 +1,71 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "diskSize": { - "type": "string", - "default": "10Gi", - "mutable": true, - "editDisabled": true - }, - "customMyCnf": { - "type": "string", - "default": "", - "mutable": true - }, - "version": { - "default": "8.0", - "mutable": true - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "default": "500m", - "mutable": true - }, - "memory": { - "type": "string", - "default": "256M", - "mutable": true - } - } - }, - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "default": "1500m", - "mutable": true - }, - "memory": { - "type": "string", - "default": "1024M", - "mutable": true - } - } - } - } - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "database": { - "type": "string" - } - }, - "required": ["name", "database"] - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "diskSize": { + "type": "string", + "default": "10Gi", + "mutable": true, + "editDisabled": true + }, + "customMyCnf": { + "type": "string", + "default": "", + "mutable": true + }, + "version": { + "default": "8.0", + "mutable": true + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "default": "500m", + "mutable": true + }, + "memory": { + "type": "string", + "default": "256M", + "mutable": true + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "default": "1500m", + "mutable": true + }, + "memory": { + "type": "string", + "default": "1024M", + "mutable": true + } + } + } + } + }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + 
"type": "string" + }, + "database": { + "type": "string" + } + }, + "required": ["name", "database"] + } + } + } } \ No newline at end of file diff --git a/charts/mysql/values.yaml b/charts/mysql/values.yaml index f1c2f866..b53030b5 100644 --- a/charts/mysql/values.yaml +++ b/charts/mysql/values.yaml @@ -1,14 +1,14 @@ -diskSize: "10Gi" - -# Resource configuration -resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" - memory: "1024M" - -version: "8.0" - +diskSize: "10Gi" + +# Resource configuration +resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" + memory: "1024M" + +version: "8.0" + customMyCnf: "" \ No newline at end of file diff --git a/charts/opentsdb/Chart.yaml b/charts/opentsdb/Chart.yaml index 63f94a9c..0de0f247 100644 --- a/charts/opentsdb/Chart.yaml +++ b/charts/opentsdb/Chart.yaml @@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for deploying opentsdb -name: opentsdb -version: 0.0.3 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/42ea9c53-055c-4441-8438-95d639dfc2f4-2086220.png" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for deploying opentsdb +name: opentsdb +version: 0.0.3 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/42ea9c53-055c-4441-8438-95d639dfc2f4-2086220.png" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/opentsdb/Readme.md b/charts/opentsdb/Readme.md index b586c141..3cb098f1 100644 --- a/charts/opentsdb/Readme.md +++ b/charts/opentsdb/Readme.md 
@@ -1,155 +1,155 @@ -# OpenTSDB Helm Chart - -The OpenTSDB Helm chart enables the deployment of OpenTSDB, a scalable time-series database, in a Kubernetes cluster. OpenTSDB is designed for large-scale data collection, storage, and analysis, providing an efficient way to handle time-series data. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -Add the Helm repository to your local setup: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -Refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more information. - ---- - -## Install Helm Chart - -To install the OpenTSDB Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/opentsdb -``` - -Replace `[RELEASE_NAME]` with your desired release name. For example: - -```bash -helm install my-opentsdb zopdev/opentsdb -``` - -To customize configurations, provide a `values.yaml` file or override values via the command line. - -Refer to [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more details. - ---- - -## Uninstall Helm Chart - -To uninstall the OpenTSDB Helm chart and remove all associated Kubernetes resources, use the command: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-opentsdb -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. - ---- - -## Configuration - -Below is a summary of configurable parameters for the OpenTSDB Helm chart: - -| **Input** | **Type** | **Description** | **Default** | -|--------------------------|-----------|--------------------------------------------------------------------|-----------------------------------| -| `replicaCount` | `integer` | Number of replicas for the OpenTSDB StatefulSet. | `1` | -| `image.opentsdb` | `string` | Docker image and tag for the OpenTSDB container. 
| `petergrace/opentsdb-docker:latest` | -| `image.pullPolicy` | `string` | Image pull policy for the OpenTSDB container. | `IfNotPresent` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the OpenTSDB container. | `"100m"` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the OpenTSDB container. | `"256M"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the OpenTSDB container can use. | `"1000m"` | -| `resources.limits.memory`| `string` | Maximum memory resources the OpenTSDB container can use. | `"1Gi"` | -| `diskSize` | `string` | Size of the persistent volume for OpenTSDB data storage. | `"10Gi"` | -| `updateStrategy.type` | `string` | Update strategy for the OpenTSDB StatefulSet. | `RollingUpdate` | -| `opentsdb_port` | `integer` | Port on which OpenTSDB listens for incoming connections. | `4242` | - -You can override these values in a `values.yaml` file or via the command line during installation. - ---- - -### Example `values.yaml` File - -```yaml -version: 2.2 - -# Resource configuration -resources: - requests: - cpu: "100m" - memory: "256M" - limits: - cpu: "1000m" - memory: "1Gi" - -diskSize: "10Gi" -``` - -Apply the configuration file during installation: - -```bash -helm install my-opentsdb zopdev/opentsdb -f values.yaml -``` - ---- - -## Features - -- **Scalable Deployment:** Adjust replica count for high availability and load distribution. -- **Custom Resource Allocation:** Define resource requests and limits for CPU and memory to suit workload requirements. -- **Persistent Storage:** Ensure data persistence using configurable persistent volumes. -- **Rolling Updates:** Apply changes to the StatefulSet with zero downtime using the `RollingUpdate` strategy. 
- ---- - -## Advanced Usage - -### Persistent Volume Configuration - -Customize the persistent volume size and storage class for OpenTSDB data: - -```yaml -diskSize: "50Gi" -storageClass: "high-performance" -``` - -### Network Configuration - -Specify the OpenTSDB port and integrate with other services: - -```yaml -opentsdb_port: 8080 -``` - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# OpenTSDB Helm Chart + +The OpenTSDB Helm chart enables the deployment of OpenTSDB, a scalable time-series database, in a Kubernetes cluster. OpenTSDB is designed for large-scale data collection, storage, and analysis, providing an efficient way to handle time-series data. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +Add the Helm repository to your local setup: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +Refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more information. + +--- + +## Install Helm Chart + +To install the OpenTSDB Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/opentsdb +``` + +Replace `[RELEASE_NAME]` with your desired release name. For example: + +```bash +helm install my-opentsdb zopdev/opentsdb +``` + +To customize configurations, provide a `values.yaml` file or override values via the command line. + +Refer to [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more details. 
+ +--- + +## Uninstall Helm Chart + +To uninstall the OpenTSDB Helm chart and remove all associated Kubernetes resources, use the command: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-opentsdb +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. + +--- + +## Configuration + +Below is a summary of configurable parameters for the OpenTSDB Helm chart: + +| **Input** | **Type** | **Description** | **Default** | +|--------------------------|-----------|--------------------------------------------------------------------|-----------------------------------| +| `replicaCount` | `integer` | Number of replicas for the OpenTSDB StatefulSet. | `1` | +| `image.opentsdb` | `string` | Docker image and tag for the OpenTSDB container. | `petergrace/opentsdb-docker:latest` | +| `image.pullPolicy` | `string` | Image pull policy for the OpenTSDB container. | `IfNotPresent` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the OpenTSDB container. | `"100m"` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the OpenTSDB container. | `"256M"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the OpenTSDB container can use. | `"1000m"` | +| `resources.limits.memory`| `string` | Maximum memory resources the OpenTSDB container can use. | `"1Gi"` | +| `diskSize` | `string` | Size of the persistent volume for OpenTSDB data storage. | `"10Gi"` | +| `updateStrategy.type` | `string` | Update strategy for the OpenTSDB StatefulSet. | `RollingUpdate` | +| `opentsdb_port` | `integer` | Port on which OpenTSDB listens for incoming connections. | `4242` | + +You can override these values in a `values.yaml` file or via the command line during installation. 
+ +--- + +### Example `values.yaml` File + +```yaml +version: 2.2 + +# Resource configuration +resources: + requests: + cpu: "100m" + memory: "256M" + limits: + cpu: "1000m" + memory: "1Gi" + +diskSize: "10Gi" +``` + +Apply the configuration file during installation: + +```bash +helm install my-opentsdb zopdev/opentsdb -f values.yaml +``` + +--- + +## Features + +- **Scalable Deployment:** Adjust replica count for high availability and load distribution. +- **Custom Resource Allocation:** Define resource requests and limits for CPU and memory to suit workload requirements. +- **Persistent Storage:** Ensure data persistence using configurable persistent volumes. +- **Rolling Updates:** Apply changes to the StatefulSet with zero downtime using the `RollingUpdate` strategy. + +--- + +## Advanced Usage + +### Persistent Volume Configuration + +Customize the persistent volume size and storage class for OpenTSDB data: + +```yaml +diskSize: "50Gi" +storageClass: "high-performance" +``` + +### Network Configuration + +Specify the OpenTSDB port and integrate with other services: + +```yaml +opentsdb_port: 8080 +``` + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/opentsdb/templates/configmap.yaml b/charts/opentsdb/templates/configmap.yaml index 7362e263..78c70d87 100644 --- a/charts/opentsdb/templates/configmap.yaml +++ b/charts/opentsdb/templates/configmap.yaml 
@@ -1,8 +1,8 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ .Release.Name }}-opentsdb-configmap"
- namespace: {{ .Release.Namespace | quote }}
-data:
- OPENTSDB_HOST: {{ $.Release.Name }}-opentsdb
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ .Release.Name }}-opentsdb-configmap"
+ namespace: {{ .Release.Namespace | quote }}
+data:
+ OPENTSDB_HOST: {{ $.Release.Name }}-opentsdb
 OPENTSDB_PORT: "4242"
\ No newline at end of file
diff --git a/charts/opentsdb/templates/service.yaml b/charts/opentsdb/templates/service.yaml
index beedd411..7199b19a 100644
--- a/charts/opentsdb/templates/service.yaml
+++ b/charts/opentsdb/templates/service.yaml
@@ -1,14 +1,14 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $.Release.Name }}-opentsdb
- namespace: {{ .Release.Namespace | quote }}
-spec:
- selector:
- app.kubernetes.io/part-of: opentsdb
- app: {{ $.Release.Name }}-opentsdb
- type: ClusterIP
- ports:
- - protocol: TCP
- port: 4242
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $.Release.Name }}-opentsdb
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ selector:
+ app.kubernetes.io/part-of: opentsdb
+ app: {{ $.Release.Name }}-opentsdb
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 4242
 targetPort: 4242
\ No newline at end of file
diff --git a/charts/opentsdb/templates/statefulset.yaml b/charts/opentsdb/templates/statefulset.yaml
index 73457758..9e53d286 100644
--- a/charts/opentsdb/templates/statefulset.yaml
+++ b/charts/opentsdb/templates/statefulset.yaml
@@ -1,68 +1,68 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ $.Release.Name }}-opentsdb
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app.kubernetes.io/part-of: opentsdb
- app: {{ $.Release.Name }}-opentsdb
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/part-of: opentsdb
- app: {{ $.Release.Name }}-opentsdb
- serviceName: {{ $.Release.Name }}-opentsdb
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- app.kubernetes.io/part-of: opentsdb
- app: {{ $.Release.Name }}-opentsdb
- spec:
- containers:
- - name: opentsdb
- image: "petergrace/opentsdb-docker:{{ .Values.version }}"
- imagePullPolicy: "IfNotPresent"
- ports:
- - containerPort: 4242
- resources:
- requests:
- memory: {{ .Values.resources.requests.memory }}
- cpu: {{ .Values.resources.requests.cpu }}
- limits:
- memory: {{ .Values.resources.limits.memory }}
- cpu: {{ .Values.resources.limits.cpu }}
- env:
- - name: OPENTSDB_HOST
- valueFrom:
- configMapKeyRef:
- name: "{{ .Release.Name }}-opentsdb-configmap"
- key: OPENTSDB_HOST
- - name: OPENTSDB_PORT
- valueFrom:
- configMapKeyRef:
- name: "{{ .Release.Name }}-opentsdb-configmap"
- key: OPENTSDB_PORT
- readinessProbe:
- tcpSocket:
- port: 4242
- initialDelaySeconds: 60
- timeoutSeconds: 15
- livenessProbe:
- tcpSocket:
- port: 4242
- initialDelaySeconds: 60
- timeoutSeconds: 15
- volumeMounts:
- - name: {{ $.Release.Name }}-persistent-storage
- mountPath: /opt/opentsdb/data
- volumeClaimTemplates:
- - metadata:
- name: {{ $.Release.Name }}-persistent-storage
- spec:
- accessModes: [ "ReadWriteOnce" ]
- resources:
- requests:
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ $.Release.Name }}-opentsdb
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app.kubernetes.io/part-of: opentsdb
+ app: {{ $.Release.Name }}-opentsdb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/part-of: opentsdb
+ app: {{ $.Release.Name }}-opentsdb
+ serviceName: {{ $.Release.Name }}-opentsdb
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: opentsdb
+ app: {{ $.Release.Name }}-opentsdb
+ spec:
+ containers:
+ - name: opentsdb
+ image: "petergrace/opentsdb-docker:{{ .Values.version }}"
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 4242
+ resources:
+ requests:
+ memory: {{ .Values.resources.requests.memory }}
+ cpu: {{ .Values.resources.requests.cpu }}
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
+ cpu: {{ .Values.resources.limits.cpu }}
+ env:
+ - name: OPENTSDB_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: "{{ .Release.Name }}-opentsdb-configmap"
+ key: OPENTSDB_HOST
+ - name: OPENTSDB_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: "{{ .Release.Name }}-opentsdb-configmap"
+ key: OPENTSDB_PORT
+ readinessProbe:
+ tcpSocket:
+ port: 4242
+ initialDelaySeconds: 60
+ timeoutSeconds: 15
+ livenessProbe:
+ tcpSocket:
+ port: 4242
+ initialDelaySeconds: 60
+ timeoutSeconds: 15
+ volumeMounts:
+ - name: {{ $.Release.Name }}-persistent-storage
+ mountPath: /opt/opentsdb/data
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ $.Release.Name }}-persistent-storage
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
 storage: {{ .Values.diskSize }}
\ No newline at end of file
diff --git a/charts/opentsdb/values.schema.json b/charts/opentsdb/values.schema.json
index ce05c22a..fe863eb0 100644
--- a/charts/opentsdb/values.schema.json
+++ b/charts/opentsdb/values.schema.json
@@ -1,68 +1,68 @@
-{
- "$schema": "https://json-schema.org/draft-07/schema#",
- "type": "object",
- "properties": {
-
- "resources": {
- "type": "object",
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "pattern": "^[0-9]+m$",
- "default": "100m",
- "mutable": true
- },
- "memory": {
- "type": "string",
- "pattern": "^[0-9]+M$",
- "default": "256M",
- "mutable": true
- }
- }
- },
- "limits": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "pattern": "^[0-9]+m$",
- "default": "1000m",
- "mutable": true
- },
- "memory": {
- "type": "string",
- "pattern": "^[0-9]+Gi$",
- "default": "1Gi",
- "mutable": true
- }
- }
- }
- }
- },
- "diskSize": {
- "type": "string",
- "pattern": "^[0-9]+Gi$",
- "default": "10Gi",
- "mutable": true,
- "editDisabled": true
- },
- "version": {
- "default": "2.2",
- "mutable": true
- },
- "services": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string"
- }
- }
- }
- }
- }
-}
+{
+ "$schema": "https://json-schema.org/draft-07/schema#",
+ "type": "object",
+ "properties": {
+
+ "resources": {
+ "type": "object",
+ "properties": {
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "pattern": "^[0-9]+m$",
+ "default": "100m",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "pattern": "^[0-9]+M$",
+ "default": "256M",
+ "mutable": true
+ }
+ }
+ },
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "pattern": "^[0-9]+m$",
+ "default": "1000m",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "pattern": "^[0-9]+Gi$",
+ "default": "1Gi",
+ "mutable": true
+ }
+ }
+ }
+ }
+ },
+ "diskSize": {
+ "type": "string",
+ "pattern": "^[0-9]+Gi$",
+ "default": "10Gi",
+ "mutable": true,
+ "editDisabled": true
+ },
+ "version": {
+ "default": "2.2",
+ "mutable": true
+ },
+ "services": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/charts/opentsdb/values.yaml b/charts/opentsdb/values.yaml
index b0f26913..855b4f53 100644
--- a/charts/opentsdb/values.yaml
+++ b/charts/opentsdb/values.yaml
@@ -1,16 +1,16 @@
-# values.yaml for OpenTSDB Helm chart
-version: 2.2
-
-# Resource configuration
-resources:
- requests:
- cpu: "100m"
- memory: "256M"
- limits:
- cpu: "1000m"
- memory: "1Gi"
-
-diskSize: "10Gi"
-
-# Update strategy for the StatefulSet
-
+# values.yaml for OpenTSDB Helm chart
+version: 2.2
+
+# Resource configuration
+resources:
+ requests:
+ cpu: "100m"
+ memory: "256M"
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+
+diskSize: "10Gi"
+
+# Update strategy for the StatefulSet
+
+
diff --git a/charts/outline/Chart.lock b/charts/outline/Chart.lock
index 7c2db5af..2c519cd3 100644
--- a/charts/outline/Chart.lock
+++ b/charts/outline/Chart.lock
@@ -1,12 +1,12 @@
-dependencies:
-- name: postgres
- repository: https://helm.zop.dev
- version: v0.0.3
-- name: redis
- repository: https://helm.zop.dev
- version: v0.0.1
-- name: service
- repository: https://helm.zop.dev
- version: v0.0.17
-digest: sha256:26fd1db29a5c83f12989a53500bf0024b4a6be999b944cbd1e06173e3793d676
-generated: "2025-03-10T12:25:42.386582+05:30"
+dependencies:
+- name: postgres
+ repository: https://helm.zop.dev
+ version: v0.0.3
+- name: redis
+ repository: https://helm.zop.dev
+ version: v0.0.1
+- name: service
+ repository: https://helm.zop.dev
+ version: v0.0.17
+digest: sha256:26fd1db29a5c83f12989a53500bf0024b4a6be999b944cbd1e06173e3793d676
+generated: "2025-03-10T12:25:42.386582+05:30"
diff --git a/charts/outline/Chart.yaml b/charts/outline/Chart.yaml
index ab6f99ac..b7d16141 100644
--- a/charts/outline/Chart.yaml
+++ b/charts/outline/Chart.yaml
@@ -1,22 +1,22 @@
-apiVersion: v2
-appVersion: "1.0"
-description: Helm chart for deploying outline app
-name: outline
-version: 0.0.5
-type: application
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg"
-dependencies:
- - name: postgres
- version: 0.0.3
- repository: https://helm.zop.dev
- - name: redis
- version: 0.0.1
- repository: https://helm.zop.dev
- - name: service
- version: 0.0.17
- repository: https://helm.zop.dev
-maintainers:
- - name: ZopDev
- url: zop.dev
-annotations:
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for deploying outline app
+name: outline
+version: 0.0.5
+type: application
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg"
+dependencies:
+ - name: postgres
+ version: 0.0.3
+ repository: https://helm.zop.dev
+ - name: redis
+ version: 0.0.1
+ repository: https://helm.zop.dev
+ - name: service
+ version: 0.0.17
+ repository: https://helm.zop.dev
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+annotations:
 type: application
\ No newline at end of file
diff --git a/charts/outline/README.md b/charts/outline/README.md
index c71219b6..4b8889f7 100644
--- a/charts/outline/README.md
+++ b/charts/outline/README.md
@@ -1,262 +1,262 @@ -# Outline Helm Chart - -This Helm chart deploys Outline, a modern team knowledge base and wiki platform, on Kubernetes. Outline provides a beautiful, real-time collaborative editing experience with features like rich text editing, markdown support, and team collaboration tools. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ -- kubectl configured to communicate with your cluster -- PostgreSQL database (automatically installed as a dependency) -- Redis instance (automatically installed as a dependency) - ---- - -## Dependencies - -Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: - -```bash -helm dependency build -``` - -This command will: -1. Read the dependencies from `Chart.yaml` -2. Download the required charts (PostgreSQL, Redis, and Service) from the specified repositories -3. Store them in the `charts/` directory -4. Create or update the `Chart.lock` file with the exact versions - -If you encounter any issues with the dependencies, you can try: -```bash -helm dependency update # Updates dependencies to the latest versions -``` - -This chart requires the following dependencies to be installed: - -### PostgreSQL -- **Chart**: `postgres` -- **Version**: `0.0.3` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Provides the primary database for Outline's content and user data - -### Redis -- **Chart**: `redis` -- **Version**: `0.0.1` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Used for caching and real-time collaboration features - -### Service -- **Chart**: `service` -- **Version**: `0.0.17` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Manages the Outline application deployment and service configuration - -To install these dependencies automatically, ensure the following in your `values.yaml`: - -```yaml -postgres: - enabled: true - # Additional PostgreSQL configuration... 
- -redis: - enabled: true - # Additional Redis configuration... - -service: - enabled: true - # Additional service configuration... -``` - -The dependencies will be automatically installed when you deploy the Outline chart. You can customize their configuration through the respective sections in your `values.yaml` file. - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the Outline Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/outline -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-outline zopdev/outline -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the Outline Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-outline -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The Outline Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -### Service Configuration - -| **Input** | **Type** | **Description** | **Default** | -|-----------------------|-----------|------------------------------------|-------------------------| -| `service.name` | `string` | Name of the Outline service. | `"outline"` | -| `service.image` | `string` | Docker image for Outline. | `"outlinewiki/outline"` | -| `service.minCPU` | `string` | Minimum CPU resources required. 
| `"250m"` | -| `service.minMemory` | `string` | Minimum memory resources required. | `"1000Mi"` | -| `service.maxCPU` | `string` | Maximum CPU resources allowed. | `"500m"` | -| `service.maxMemory` | `string` | Maximum memory resources allowed. | `"1500Mi"` | -| `service.minReplicas` | `integer` | Minimum number of replicas. | `1` | - -### Environment Configuration - -| **Input** | **Type** | **Description** | **Default** | -|----------------------------|-----------|------------------------------------------|--------------------| -| `service.env.SECRET_KEY` | `string` | Secret key for encryption (32-byte hex). | Randomly generated | -| `service.env.UTILS_SECRET` | `string` | Secret for utilities (32-byte hex). | Randomly generated | -| `service.env.FILE_STORAGE` | `string` | File storage backend type. | `"local"` | -| `service.env.FORCE_HTTPS` | `boolean` | Whether to force HTTPS. | `false` | -| `service.env.PGSSLMODE` | `string` | PostgreSQL SSL mode. | `"disable"` | -| `service.env.PORT` | `integer` | Port for the Outline service. | `3000` | - -### Database Configuration - -| **Input** | **Type** | **Description** | **Default** | -|---------------------------------|----------|----------------------------------|-------------| -| `postgres.services[0].name` | `string` | Name of the PostgreSQL service. | `"outline"` | -| `postgres.services[0].database` | `string` | Name of the PostgreSQL database. | `"outline"` | -| `redis.services[0].name` | `string` | Name of the Redis service. | `"outline"` | -| `redis.services[0].database` | `string` | Redis database number. | `"outline"` | - -### Health Check Configuration - -| **Input** | **Type** | **Description** | **Default** | -|----------------------------------------------|-----------|------------------------------------|-------------| -| `service.livenessProbe.enable` | `boolean` | Whether to enable liveness probe. | `true` | -| `service.livenessProbe.initialDelaySeconds` | `integer` | Initial delay for liveness probe. 
| `30` | -| `service.readinessProbe.enable` | `boolean` | Whether to enable readiness probe. | `true` | -| `service.readinessProbe.initialDelaySeconds` | `integer` | Initial delay for readiness probe. | `30` | - ---- - -## Example `values.yaml` - -```yaml -service: - name: outline - image: outlinewiki/outline - minCPU: "250m" - minMemory: "1000Mi" - maxCPU: "500m" - maxMemory: "1500Mi" - minReplicas: 1 - - env: - SECRET_KEY: "" - UTILS_SECRET: "" - FILE_STORAGE: "local" - FORCE_HTTPS: false - PGSSLMODE: "disable" - PORT: 3000 - FILE_STORAGE_LOCAL_ROOT_DIR: "/data" - -postgres: - services: - - name: "outline" - database: "outline" - -redis: - services: - - name: "outline" - database: "outline" -``` - ---- - -## Features - -- Deploys Outline wiki platform with all dependencies -- Automatic PostgreSQL database setup -- Redis integration for caching and real-time features -- Configurable resource limits and requests -- Health monitoring with liveness and readiness probes -- Local file storage support -- HTTPS support -- Customizable environment variables -- Automatic database migrations -- Persistent storage for file uploads - ---- - -## Architecture - -The Outline deployment includes: -- Outline application pods -- PostgreSQL database (dependency) -- Redis instance (dependency) -- Persistent volume for file storage -- Health check endpoints -- Ingress configuration for external access -- Environment variable configuration -- Database connection management - ---- - -## Security Features - -- Configurable secret keys for encryption -- HTTPS support -- Database SSL configuration -- Health check monitoring -- Resource limits and requests -- Secure environment variable handling - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. 
- ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Outline Helm Chart + +This Helm chart deploys Outline, a modern team knowledge base and wiki platform, on Kubernetes. Outline provides a beautiful, real-time collaborative editing experience with features like rich text editing, markdown support, and team collaboration tools. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- kubectl configured to communicate with your cluster +- PostgreSQL database (automatically installed as a dependency) +- Redis instance (automatically installed as a dependency) + +--- + +## Dependencies + +Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: + +```bash +helm dependency build +``` + +This command will: +1. Read the dependencies from `Chart.yaml` +2. Download the required charts (PostgreSQL, Redis, and Service) from the specified repositories +3. Store them in the `charts/` directory +4. 
Create or update the `Chart.lock` file with the exact versions + +If you encounter any issues with the dependencies, you can try: +```bash +helm dependency update # Updates dependencies to the latest versions +``` + +This chart requires the following dependencies to be installed: + +### PostgreSQL +- **Chart**: `postgres` +- **Version**: `0.0.3` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Provides the primary database for Outline's content and user data + +### Redis +- **Chart**: `redis` +- **Version**: `0.0.1` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Used for caching and real-time collaboration features + +### Service +- **Chart**: `service` +- **Version**: `0.0.17` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Manages the Outline application deployment and service configuration + +To install these dependencies automatically, ensure the following in your `values.yaml`: + +```yaml +postgres: + enabled: true + # Additional PostgreSQL configuration... + +redis: + enabled: true + # Additional Redis configuration... + +service: + enabled: true + # Additional service configuration... +``` + +The dependencies will be automatically installed when you deploy the Outline chart. You can customize their configuration through the respective sections in your `values.yaml` file. + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the Outline Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/outline +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-outline zopdev/outline +``` + +You can override default values during installation by providing a `values.yaml` file. 
+ +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the Outline Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-outline +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The Outline Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +### Service Configuration + +| **Input** | **Type** | **Description** | **Default** | +|-----------------------|-----------|------------------------------------|-------------------------| +| `service.name` | `string` | Name of the Outline service. | `"outline"` | +| `service.image` | `string` | Docker image for Outline. | `"outlinewiki/outline"` | +| `service.minCPU` | `string` | Minimum CPU resources required. | `"250m"` | +| `service.minMemory` | `string` | Minimum memory resources required. | `"1000Mi"` | +| `service.maxCPU` | `string` | Maximum CPU resources allowed. | `"500m"` | +| `service.maxMemory` | `string` | Maximum memory resources allowed. | `"1500Mi"` | +| `service.minReplicas` | `integer` | Minimum number of replicas. | `1` | + +### Environment Configuration + +| **Input** | **Type** | **Description** | **Default** | +|----------------------------|-----------|------------------------------------------|--------------------| +| `service.env.SECRET_KEY` | `string` | Secret key for encryption (32-byte hex). | Randomly generated | +| `service.env.UTILS_SECRET` | `string` | Secret for utilities (32-byte hex). | Randomly generated | +| `service.env.FILE_STORAGE` | `string` | File storage backend type. | `"local"` | +| `service.env.FORCE_HTTPS` | `boolean` | Whether to force HTTPS. | `false` | +| `service.env.PGSSLMODE` | `string` | PostgreSQL SSL mode. 
| `"disable"` | +| `service.env.PORT` | `integer` | Port for the Outline service. | `3000` | + +### Database Configuration + +| **Input** | **Type** | **Description** | **Default** | +|---------------------------------|----------|----------------------------------|-------------| +| `postgres.services[0].name` | `string` | Name of the PostgreSQL service. | `"outline"` | +| `postgres.services[0].database` | `string` | Name of the PostgreSQL database. | `"outline"` | +| `redis.services[0].name` | `string` | Name of the Redis service. | `"outline"` | +| `redis.services[0].database` | `string` | Redis database number. | `"outline"` | + +### Health Check Configuration + +| **Input** | **Type** | **Description** | **Default** | +|----------------------------------------------|-----------|------------------------------------|-------------| +| `service.livenessProbe.enable` | `boolean` | Whether to enable liveness probe. | `true` | +| `service.livenessProbe.initialDelaySeconds` | `integer` | Initial delay for liveness probe. | `30` | +| `service.readinessProbe.enable` | `boolean` | Whether to enable readiness probe. | `true` | +| `service.readinessProbe.initialDelaySeconds` | `integer` | Initial delay for readiness probe. 
| `30` | + +--- + +## Example `values.yaml` + +```yaml +service: + name: outline + image: outlinewiki/outline + minCPU: "250m" + minMemory: "1000Mi" + maxCPU: "500m" + maxMemory: "1500Mi" + minReplicas: 1 + + env: + SECRET_KEY: "" + UTILS_SECRET: "" + FILE_STORAGE: "local" + FORCE_HTTPS: false + PGSSLMODE: "disable" + PORT: 3000 + FILE_STORAGE_LOCAL_ROOT_DIR: "/data" + +postgres: + services: + - name: "outline" + database: "outline" + +redis: + services: + - name: "outline" + database: "outline" +``` + +--- + +## Features + +- Deploys Outline wiki platform with all dependencies +- Automatic PostgreSQL database setup +- Redis integration for caching and real-time features +- Configurable resource limits and requests +- Health monitoring with liveness and readiness probes +- Local file storage support +- HTTPS support +- Customizable environment variables +- Automatic database migrations +- Persistent storage for file uploads + +--- + +## Architecture + +The Outline deployment includes: +- Outline application pods +- PostgreSQL database (dependency) +- Redis instance (dependency) +- Persistent volume for file storage +- Health check endpoints +- Ingress configuration for external access +- Environment variable configuration +- Database connection management + +--- + +## Security Features + +- Configurable secret keys for encryption +- HTTPS support +- Database SSL configuration +- Health check monitoring +- Resource limits and requests +- Secure environment variable handling + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file 
diff --git a/charts/outline/values.schema.json b/charts/outline/values.schema.json
index 8092e3e1..e4861da6 100644
--- a/charts/outline/values.schema.json
+++ b/charts/outline/values.schema.json
@@ -1,49 +1,49 @@
-{
- "$schema": "https://json-schema.org/draft-07/schema#",
- "type": "object",
- "properties": {
- "postgres": {
- "type": "object",
- "properties": {
- "services": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": { "type": "string", "enum": ["outline"] },
- "database": { "type": "string", "enum": ["outline"] }
- }
- }
- }
- }
- },
- "redis": {
- "type": "object",
- "properties": {
- "services": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": { "type": "string", "enum": ["outline"] },
- "database": { "type": "string", "enum": ["outline"] }
- }
- }
- }
- }
- },
- "service": {
- "type": "object",
- "properties": {
- "name": { "type": "string", "enum": ["outline"] },
- "image": { "type": "string", "enum": ["outlinewiki/outline"] },
- "minCPU": { "type": "string" ,"default": "250m", "mutable": true},
- "minMemory": { "type": "string","default": "1000Mi", "mutable": true },
- "maxCPU": { "type": "string","default": "500m", "mutable": true },
- "maxMemory": { "type": "string","default": "1500Mi", "mutable": true
- },
- "minReplicas": { "type": "integer", "enum": [1] }
- }
- }
- }
+{
+ "$schema": "https://json-schema.org/draft-07/schema#",
+ "type": "object",
+ "properties": {
+ "postgres": {
+ "type": "object",
+ "properties": {
+ "services": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": { "type": "string", "enum": ["outline"] },
+ "database": { "type": "string", "enum": ["outline"] }
+ }
+ }
+ }
+ }
+ },
+ "redis": {
+ "type": "object",
+ "properties": {
+ "services": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": { "type": "string", "enum": ["outline"] },
+ "database": { "type": "string", "enum": ["outline"] }
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "name": { "type": "string", "enum": ["outline"] },
+ "image": { "type": "string", "enum": ["outlinewiki/outline"] },
+ "minCPU": { "type": "string" ,"default": "250m", "mutable": true},
+ "minMemory": { "type": "string","default": "1000Mi", "mutable": true },
+ "maxCPU": { "type": "string","default": "500m", "mutable": true },
+ "maxMemory": { "type": "string","default": "1500Mi", "mutable": true
+ },
+ "minReplicas": { "type": "integer", "enum": [1] }
+ }
+ }
+ }
 }
\ No newline at end of file
diff --git a/charts/outline/values.yaml b/charts/outline/values.yaml
index 23cc938d..64f6ec8d 100644
--- a/charts/outline/values.yaml
+++ b/charts/outline/values.yaml
@@ -1,68 +1,68 @@ -postgres: - services: - - name: "outline" - database: "outline" -redis: - services: - - name: "outline" - database: "outline" - - -service: - name: outline - image: outlinewiki/outline - minCPU: "250m" - minMemory: "1000Mi" - maxCPU: "500m" - maxMemory: "1500Mi" - minReplicas: 1 - - nginx: - host : - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/auth-realm: '' - nginx.ingress.kubernetes.io/auth-secret: '' - nginx.ingress.kubernetes.io/auth-type: '' - tlsHost : - tlsSecretName: - - env: - SECRET_KEY: 106ff5ec40e340972540fefd770dad24db868deb68bec9d2556365f2ff66ed99 # Replace with a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` - UTILS_SECRET: 45aec6e6b7340f3c8e5b34d533f9d63fd72a2830ee35d1345cb144d484205ba2 # Replace with a unique random key. You could still use `openssl rand -hex 32` - FILE_STORAGE : local - FORCE_HTTPS: false - PGSSLMODE: disable - PORT: 3000 - FILE_STORAGE_LOCAL_ROOT_DIR : /data - - datastores: - postgres: - - datastore: outline - database: outline - redis: - - datastore: outline - database: outline - - heartbeatURL: / - - httpPort: 3000 - - livenessProbe: - enable: true - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 3 - - readinessProbe: - enable: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - - volumeMounts: - emptyDir: - - name: outline-storage +postgres: + services: + - name: "outline" + database: "outline" +redis: + services: + - name: "outline" + database: "outline" + + +service: + name: outline + image: outlinewiki/outline + minCPU: "250m" + minMemory: "1000Mi" + maxCPU: "500m" + maxMemory: "1500Mi" + minReplicas: 1 + + nginx: + host : + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/auth-realm: '' + nginx.ingress.kubernetes.io/auth-secret: '' + nginx.ingress.kubernetes.io/auth-type: '' + tlsHost : + tlsSecretName: + + env: + SECRET_KEY: 
106ff5ec40e340972540fefd770dad24db868deb68bec9d2556365f2ff66ed99 # Replace with a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` + UTILS_SECRET: 45aec6e6b7340f3c8e5b34d533f9d63fd72a2830ee35d1345cb144d484205ba2 # Replace with a unique random key. You could still use `openssl rand -hex 32` + FILE_STORAGE : local + FORCE_HTTPS: false + PGSSLMODE: disable + PORT: 3000 + FILE_STORAGE_LOCAL_ROOT_DIR : /data + + datastores: + postgres: + - datastore: outline + database: outline + redis: + - datastore: outline + database: outline + + heartbeatURL: / + + httpPort: 3000 + + livenessProbe: + enable: true + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + + readinessProbe: + enable: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + + volumeMounts: + emptyDir: + - name: outline-storage mountPath: /data \ No newline at end of file diff --git a/charts/outline/zop-values.yaml b/charts/outline/zop-values.yaml index 3e7dd1d9..8c2f4c18 100644 --- a/charts/outline/zop-values.yaml +++ b/charts/outline/zop-values.yaml @@ -1,5 +1,5 @@ -service: - minCPU: "250m" - minMemory: "1000Mi" - maxCPU: "500m" +service: + minCPU: "250m" + minMemory: "1000Mi" + maxCPU: "500m" maxMemory: "1500Mi" \ No newline at end of file diff --git a/charts/postgres/Chart.yaml b/charts/postgres/Chart.yaml index 9d976487..e01182f1 100644 --- a/charts/postgres/Chart.yaml +++ b/charts/postgres/Chart.yaml 
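Review bot: The re-added `env` block in `charts/outline/values.yaml` still ships concrete values for `SECRET_KEY` and `UTILS_SECRET` as chart defaults, so every release that does not override them runs with keys that are public in this repository. The inline comments ask the user to replace them, but nothing enforces it; the defaults should be empty, as the README example already shows (`SECRET_KEY: ""`, `UTILS_SECRET: ""`), with the template rejecting an empty value (for example via Helm's `required`) or reading both keys from an existing Secret. The two committed values should be treated as exposed and rotated wherever they were deployed. `FORCE_HTTPS: false` and `PGSSLMODE: disable` in the same block would benefit from a comment such as `# only safe when TLS terminates at the ingress and database traffic stays inside the cluster`.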
@@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for deploying postgres datastore -name: postgres -version: 0.0.10 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for deploying postgres datastore +name: postgres +version: 0.0.10 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/postgres/Readme.md b/charts/postgres/Readme.md index 25978f27..6d593f7e 100644 --- a/charts/postgres/Readme.md +++ b/charts/postgres/Readme.md 
@@ -1,156 +1,156 @@ -# PostgreSQL Helm Chart - -The PostgreSQL Helm chart provides a straightforward way to deploy and manage PostgreSQL instances in your Kubernetes cluster. It offers customizable options for persistence, resource configuration, and scalability to cater to a wide range of workloads. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -Before installing the PostgreSQL chart, add the repository to your Helm installation and update the repository index: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -See [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for additional information. - ---- - -## Install Helm Chart - -To install the PostgreSQL Helm chart, execute the following command: - -```bash -helm install [RELEASE_NAME] zopdev/postgres -``` - -Replace `[RELEASE_NAME]` with the desired release name. - -For example: - -```bash -helm install my-postgres zopdev/postgres -``` - -To customize the deployment, use a custom `values.yaml` file or override values directly via the command line. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To uninstall the PostgreSQL Helm chart and remove all associated Kubernetes resources, use: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-postgres -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. - ---- - -## Configuration - -The PostgreSQL Helm chart provides a variety of configurable parameters. 
The table below outlines the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|--------------------------|-----------|--------------------------------------------------------------------------------------------------|-----------------------| -| `postgresRootPassword` | `string` | Root password for the PostgreSQL instance. Leave unset for default random generation. | _None_ | -| `image` | `string` | Docker image and tag for the PostgreSQL container. | `postgres:15.9` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the PostgreSQL container. | `"500m"` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the PostgreSQL container. | `"256M"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the PostgreSQL container can use. | `"1500m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the PostgreSQL container can use. | `"1Gi"` | -| `diskSize` | `string` | Size of the persistent volume claim (PVC) for storing PostgreSQL data. | `"10Gi"` | -| `updateStrategy.type` | `string` | Update strategy for the deployment. Options: `RollingUpdate` or `Recreate`. | `RollingUpdate` | - -You can override these values in a `values.yaml` file or pass them as flags during installation. - ---- - -### Example `values.yaml` File - -```yaml -version: "17.4.0" - -replication: - enabled: false - count: 1 - -diskSize : "10Gi" - -resources: - requests: - cpu: "250m" - memory: "500Mi" - limits: - cpu: "500m" - memory: "1000Mi" -``` - -To use this configuration, save it in a `values.yaml` file and apply it during installation: - -```bash -helm install my-postgres zopdev/postgres -f values.yaml -``` - ---- - -## Features - -- **Persistence:** Store PostgreSQL data across pod restarts using persistent volume claims. -- **Resource Optimization:** Define resource requests and limits to suit your workload and cluster capacity. 
-- **Rolling Updates:** Ensure zero downtime during updates with the default `RollingUpdate` strategy. -- **Customizable Configurations:** Flexibly tailor the deployment using Helm values. - ---- - -## Advanced Usage - -### Custom Secrets for Root Password - -You can provide a pre-existing Kubernetes secret to manage the PostgreSQL root password securely. Update the `values.yaml` file to include the secret name: - -```yaml -postgresRootPassword: - secretName: my-postgres-secret -``` - -Create the secret before deploying the chart: - -```bash -kubectl create secret generic my-postgres-secret --from-literal=postgres-root-password=my-secure-password -``` - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - -This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. +# PostgreSQL Helm Chart + +The PostgreSQL Helm chart provides a straightforward way to deploy and manage PostgreSQL instances in your Kubernetes cluster. It offers customizable options for persistence, resource configuration, and scalability to cater to a wide range of workloads. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +Before installing the PostgreSQL chart, add the repository to your Helm installation and update the repository index: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +See [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for additional information. 
+ +--- + +## Install Helm Chart + +To install the PostgreSQL Helm chart, execute the following command: + +```bash +helm install [RELEASE_NAME] zopdev/postgres +``` + +Replace `[RELEASE_NAME]` with the desired release name. + +For example: + +```bash +helm install my-postgres zopdev/postgres +``` + +To customize the deployment, use a custom `values.yaml` file or override values directly via the command line. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To uninstall the PostgreSQL Helm chart and remove all associated Kubernetes resources, use: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-postgres +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. + +--- + +## Configuration + +The PostgreSQL Helm chart provides a variety of configurable parameters. The table below outlines the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|--------------------------|-----------|--------------------------------------------------------------------------------------------------|-----------------------| +| `postgresRootPassword` | `string` | Root password for the PostgreSQL instance. Leave unset for default random generation. | _None_ | +| `image` | `string` | Docker image and tag for the PostgreSQL container. | `postgres:15.9` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the PostgreSQL container. | `"500m"` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the PostgreSQL container. | `"256M"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the PostgreSQL container can use. | `"1500m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the PostgreSQL container can use. 
| `"1Gi"` | +| `diskSize` | `string` | Size of the persistent volume claim (PVC) for storing PostgreSQL data. | `"10Gi"` | +| `updateStrategy.type` | `string` | Update strategy for the deployment. Options: `RollingUpdate` or `Recreate`. | `RollingUpdate` | + +You can override these values in a `values.yaml` file or pass them as flags during installation. + +--- + +### Example `values.yaml` File + +```yaml +version: "17.4.0" + +replication: + enabled: false + count: 1 + +diskSize : "10Gi" + +resources: + requests: + cpu: "250m" + memory: "500Mi" + limits: + cpu: "500m" + memory: "1000Mi" +``` + +To use this configuration, save it in a `values.yaml` file and apply it during installation: + +```bash +helm install my-postgres zopdev/postgres -f values.yaml +``` + +--- + +## Features + +- **Persistence:** Store PostgreSQL data across pod restarts using persistent volume claims. +- **Resource Optimization:** Define resource requests and limits to suit your workload and cluster capacity. +- **Rolling Updates:** Ensure zero downtime during updates with the default `RollingUpdate` strategy. +- **Customizable Configurations:** Flexibly tailor the deployment using Helm values. + +--- + +## Advanced Usage + +### Custom Secrets for Root Password + +You can provide a pre-existing Kubernetes secret to manage the PostgreSQL root password securely. Update the `values.yaml` file to include the secret name: + +```yaml +postgresRootPassword: + secretName: my-postgres-secret +``` + +Create the secret before deploying the chart: + +```bash +kubectl create secret generic my-postgres-secret --from-literal=postgres-root-password=my-secure-password +``` + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). 
+ +--- + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. diff --git a/charts/postgres/templates/_helpers.tpl b/charts/postgres/templates/_helpers.tpl index 0250ba6b..46ee14e7 100644 --- a/charts/postgres/templates/_helpers.tpl +++ b/charts/postgres/templates/_helpers.tpl 
@@ -1,30 +1,30 @@ -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- 
printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} \ No newline at end of file diff --git a/charts/postgres/templates/alerts.yaml b/charts/postgres/templates/alerts.yaml index 5577252e..c9628efc 100644 --- a/charts/postgres/templates/alerts.yaml +++ b/charts/postgres/templates/alerts.yaml 
@@ -1,49 +1,49 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Release.Name }}-postgres.rules - rules: - - alert: PostgresqlRestarted - expr: time() - pg_postmaster_start_time_seconds < 60 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'PostgreSQL instance {{ .Release.Name }} restarted' - description: 'PostgreSQL instance {{ .Release.Name }} restarted < 1 minute ago' - - - alert: PostgresqlTooManyConnections - expr: sum by (instance, job, server) (pg_stat_activity_count) > min by (instance, job, server) (pg_settings_max_connections * 0.8) - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'PostgreSQL instance {{ .Release.Name }} has too many connections (> 80%)' - description: 'More than 80% of PostgreSQL connections of instance {{ .Release.Name }} are in use' - - - alert: PostgresqlDeadLocks - expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5 - for: 0m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'PostgreSQL instance {{ .Release.Name }} has dead-locks' +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus +spec: + groups: + - name: {{ .Release.Namespace }}.{{ .Release.Name }}-postgres.rules + rules: + - alert: PostgresqlRestarted + expr: time() - pg_postmaster_start_time_seconds < 60 + for: 0m + labels: + 
severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'PostgreSQL instance {{ .Release.Name }} restarted' + description: 'PostgreSQL instance {{ .Release.Name }} restarted < 1 minute ago' + + - alert: PostgresqlTooManyConnections + expr: sum by (instance, job, server) (pg_stat_activity_count) > min by (instance, job, server) (pg_settings_max_connections * 0.8) + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'PostgreSQL instance {{ .Release.Name }} has too many connections (> 80%)' + description: 'More than 80% of PostgreSQL connections of instance {{ .Release.Name }} are in use' + + - alert: PostgresqlDeadLocks + expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5 + for: 0m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'PostgreSQL instance {{ .Release.Name }} has dead-locks' description: 'PostgreSQL instance {{ .Release.Name }} has dead-locks' \ No newline at end of file diff --git a/charts/postgres/templates/init-script-config-map.yaml b/charts/postgres/templates/init-script-config-map.yaml index 5ca2a75e..fc71f3ab 100644 --- a/charts/postgres/templates/init-script-config-map.yaml +++ b/charts/postgres/templates/init-script-config-map.yaml 
@@ -1,126 +1,126 @@ -{{- range $index, $service := .Values.services }} -{{- $maxLen := 27 }} -{{- $randomSuffix := randAlphaNum 4 | lower }} -{{- $trimmedName := trunc $maxLen $service.name }} -{{- $generatedUsername := printf "%s-%s_user" $trimmedName $randomSuffix }} -{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} - -{{/* Define Secret Name */}} -{{- $secretName := printf "%s-%s-%s-postgres-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }} - -{{/* Retrieve existing secret (if any) */}} -{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }} - -{{/* Use existing values if available, otherwise generate new ones */}} -{{- $username := $generatedUsername }} -{{- $password := $generatedPassword }} - -{{- if $existingSecret }} - {{- with $existingSecret.data }} - {{- if hasKey . "DB_USER" }} - {{- $username = index . "DB_USER" | b64dec }} - {{- end }} - {{- if hasKey . "DB_PASSWORD" }} - {{- $password = index . 
"DB_PASSWORD" | b64dec }} - {{- end }} - {{- end }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-postgres-configmap - namespace: {{ $.Release.Namespace }} -data: - DB_DIALECT: "postgres" - DB_USER: "{{ $username }}" - DB_PORT: "5432" - DB_NAME: "{{ $service.database }}" - DB_HOST: "{{ $.Release.Name }}-postgres" ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: - DB_USER: {{ $username | b64enc }} - DB_PASSWORD: {{ $password | b64enc }} - DATABASE_URL: {{ printf "postgres://%s:%s@%s-postgres:5432/%s" $username $password $.Release.Name $service.database | b64enc }} ---- -apiVersion: v1 -kind: Pod -metadata: - name: postgres-{{ $.Release.Name }}-{{ $service.name }}-init-job - namespace: {{ $.Release.Namespace }} -spec: - containers: - - name: postgres-init-role - image: docker.io/bitnami/postgresql:{{ $.Values.version }} - command: ["/bin/bash"] - args: - - "-c" - - | - sleep 20 - POSTGRES_PASSWORD="$PGPASSWORD" - psql -h {{ $.Release.Name }}-postgres -U postgres -c " - CREATE EXTENSION IF NOT EXISTS dblink; - DO \$\$ - BEGIN - IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = '{{ $service.database }}') THEN - PERFORM dblink_exec( - 'host={{ $.Release.Name }}-postgres user=postgres password=$POSTGRES_PASSWORD', - 'CREATE DATABASE \"{{ $service.database }}\";' - ); - END IF; - END - \$\$; - " - psql -h {{ $.Release.Name }}-postgres -U postgres -d {{ $service.database }} -c " - REVOKE ALL ON SCHEMA public FROM PUBLIC; - DO \$do\$ - BEGIN - IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $username }}') THEN - CREATE USER \"{{ $username }}\" WITH ENCRYPTED PASSWORD '{{ $password }}'; - BEGIN - GRANT CONNECT, CREATE ON DATABASE \"{{ $service.database }}\" TO \"{{ $username }}\"; - EXCEPTION WHEN OTHERS THEN - RAISE NOTICE 'Error granting database privileges: %', 
SQLERRM; - RAISE; - END; - BEGIN - GRANT CREATE, USAGE ON SCHEMA public TO \"{{ $username }}\"; - EXCEPTION WHEN OTHERS THEN - RAISE NOTICE 'Error granting schema privileges: %', SQLERRM; - RAISE; - END; - BEGIN - ALTER DEFAULT PRIVILEGES FOR USER postgres IN SCHEMA public - GRANT INSERT, REFERENCES, SELECT, UPDATE, DELETE, TRUNCATE ON TABLES TO \"{{ $username }}\"; - EXCEPTION WHEN OTHERS THEN - RAISE NOTICE 'Error granting table privileges: %', SQLERRM; - RAISE; - END; - BEGIN - ALTER DEFAULT PRIVILEGES FOR USER postgres IN SCHEMA public - GRANT SELECT, UPDATE ON SEQUENCES TO \"{{ $username }}\"; - EXCEPTION WHEN OTHERS THEN - RAISE NOTICE 'Error granting sequence privileges: %', SQLERRM; - RAISE; - END; - ELSE - ALTER USER \"{{ $username }}\" PASSWORD '{{ $password }}'; - END IF; - END - \$do\$; - " - env: - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-postgres-root-secret - key: postgres-password - restartPolicy: OnFailure ---- +{{- range $index, $service := .Values.services }} +{{- $maxLen := 27 }} +{{- $randomSuffix := randAlphaNum 4 | lower }} +{{- $trimmedName := trunc $maxLen $service.name }} +{{- $generatedUsername := printf "%s-%s_user" $trimmedName $randomSuffix }} +{{- $generatedPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} + +{{/* Define Secret Name */}} +{{- $secretName := printf "%s-%s-%s-postgres-database-secret" $.Release.Name (replace "_" "-" $service.database) $service.name }} + +{{/* Retrieve existing secret (if any) */}} +{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }} + +{{/* Use existing values if available, otherwise generate new ones */}} +{{- $username := $generatedUsername }} +{{- $password := $generatedPassword }} + +{{- if $existingSecret }} + {{- with $existingSecret.data }} + {{- if hasKey . "DB_USER" }} + {{- $username = index . "DB_USER" | b64dec }} + {{- end }} + {{- if hasKey . "DB_PASSWORD" }} + {{- $password = index . 
"DB_PASSWORD" | b64dec }} + {{- end }} + {{- end }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-{{ replace "_" "-" $service.database }}-{{ $service.name }}-postgres-configmap + namespace: {{ $.Release.Namespace }} +data: + DB_DIALECT: "postgres" + DB_USER: "{{ $username }}" + DB_PORT: "5432" + DB_NAME: "{{ $service.database }}" + DB_HOST: "{{ $.Release.Name }}-postgres" +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ $.Release.Namespace }} +type: Opaque +data: + DB_USER: {{ $username | b64enc }} + DB_PASSWORD: {{ $password | b64enc }} + DATABASE_URL: {{ printf "postgres://%s:%s@%s-postgres:5432/%s" $username $password $.Release.Name $service.database | b64enc }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: postgres-{{ $.Release.Name }}-{{ $service.name }}-init-job + namespace: {{ $.Release.Namespace }} +spec: + containers: + - name: postgres-init-role + image: docker.io/bitnami/postgresql:{{ $.Values.version }} + command: ["/bin/bash"] + args: + - "-c" + - | + sleep 20 + POSTGRES_PASSWORD="$PGPASSWORD" + psql -h {{ $.Release.Name }}-postgres -U postgres -c " + CREATE EXTENSION IF NOT EXISTS dblink; + DO \$\$ + BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = '{{ $service.database }}') THEN + PERFORM dblink_exec( + 'host={{ $.Release.Name }}-postgres user=postgres password=$POSTGRES_PASSWORD', + 'CREATE DATABASE \"{{ $service.database }}\";' + ); + END IF; + END + \$\$; + " + psql -h {{ $.Release.Name }}-postgres -U postgres -d {{ $service.database }} -c " + REVOKE ALL ON SCHEMA public FROM PUBLIC; + DO \$do\$ + BEGIN + IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $username }}') THEN + CREATE USER \"{{ $username }}\" WITH ENCRYPTED PASSWORD '{{ $password }}'; + BEGIN + GRANT CONNECT, CREATE ON DATABASE \"{{ $service.database }}\" TO \"{{ $username }}\"; + EXCEPTION WHEN OTHERS THEN + RAISE NOTICE 'Error granting database privileges: %', 
SQLERRM; + RAISE; + END; + BEGIN + GRANT CREATE, USAGE ON SCHEMA public TO \"{{ $username }}\"; + EXCEPTION WHEN OTHERS THEN + RAISE NOTICE 'Error granting schema privileges: %', SQLERRM; + RAISE; + END; + BEGIN + ALTER DEFAULT PRIVILEGES FOR USER postgres IN SCHEMA public + GRANT INSERT, REFERENCES, SELECT, UPDATE, DELETE, TRUNCATE ON TABLES TO \"{{ $username }}\"; + EXCEPTION WHEN OTHERS THEN + RAISE NOTICE 'Error granting table privileges: %', SQLERRM; + RAISE; + END; + BEGIN + ALTER DEFAULT PRIVILEGES FOR USER postgres IN SCHEMA public + GRANT SELECT, UPDATE ON SEQUENCES TO \"{{ $username }}\"; + EXCEPTION WHEN OTHERS THEN + RAISE NOTICE 'Error granting sequence privileges: %', SQLERRM; + RAISE; + END; + ELSE + ALTER USER \"{{ $username }}\" PASSWORD '{{ $password }}'; + END IF; + END + \$do\$; + " + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-postgres-root-secret + key: postgres-password + restartPolicy: OnFailure +--- {{- end }} \ No newline at end of file diff --git a/charts/postgres/templates/secret.yaml b/charts/postgres/templates/secret.yaml index 743ba895..4aed5dc2 100644 --- a/charts/postgres/templates/secret.yaml +++ b/charts/postgres/templates/secret.yaml 
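Review bot: The per-service database password is rendered straight into the init Pod's `args` (`CREATE USER … PASSWORD '{{ $password }}'` and the `ALTER USER` branch), so anyone who can read Pod specs in the namespace sees it without needing access to the Secret defined just above. The script already takes the root password from the environment; the service password can be handled the same way by adding a `DB_PASSWORD` variable sourced from `{{ $secretName }}` and letting the shell expand it, as sketched below. This assumes the stored password contains no single quote, which holds for the generated value but should be confirmed for Secrets that already exist. Separately, `$generatedPassword` is only twelve characters in a fixed letter/digit/letter layout; `randAlphaNum 32` would be a stronger default.

```yaml
# … unchanged: ConfigMap, Secret, Pod metadata, database-creation psql call …
              CREATE USER \"{{ $username }}\" WITH ENCRYPTED PASSWORD '$DB_PASSWORD';
# … unchanged: GRANT / ALTER DEFAULT PRIVILEGES blocks …
              ALTER USER \"{{ $username }}\" PASSWORD '$DB_PASSWORD';
# … unchanged: end of script, PGPASSWORD env entry …
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ $secretName }}
              key: DB_PASSWORD
```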
@@ -1,34 +1,34 @@ -{{- $secretName := printf "%s-postgres-root-secret" .Release.Name }} - -{{/* Generate a strong root password only if not already set */}} -{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} -{{- $generatedReplicaPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} - -{{- $rootPassword := $generatedRootPassword }} -{{- $replicaPassword := $generatedReplicaPassword }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -type: Opaque -data: - {{- if .Release.IsInstall }} - postgres-password: {{ $rootPassword | b64enc }} - {{ else }} - postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "postgres-password" }} - {{ end }} - - {{- if .Values.replication.enabled }} - {{- $replicaSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} - {{- if and $replicaSecret (hasKey $replicaSecret "data") (hasKey $replicaSecret.data "postgresql-replication-password") }} - postgresql-replication-password: {{ index $replicaSecret.data "postgresql-replication-password" }} - {{- else }} - postgresql-replication-password: {{ $replicaPassword | b64enc }} - {{- end }} +{{- $secretName := printf "%s-postgres-root-secret" .Release.Name }} + +{{/* Generate a strong root password only if not already set */}} +{{- $generatedRootPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} +{{- $generatedReplicaPassword := printf "%s%s%s" (randAlpha 4) (randNumeric 4) (randAlpha 4 | upper) }} + +{{- $rootPassword := $generatedRootPassword }} +{{- $replicaPassword := $generatedReplicaPassword }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + labels: + app: {{ template "postgresql.name" . 
}} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +type: Opaque +data: + {{- if .Release.IsInstall }} + postgres-password: {{ $rootPassword | b64enc }} + {{ else }} + postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "postgres-password" }} + {{ end }} + + {{- if .Values.replication.enabled }} + {{- $replicaSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} + {{- if and $replicaSecret (hasKey $replicaSecret "data") (hasKey $replicaSecret.data "postgresql-replication-password") }} + postgresql-replication-password: {{ index $replicaSecret.data "postgresql-replication-password" }} + {{- else }} + postgresql-replication-password: {{ $replicaPassword | b64enc }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/postgres/templates/service-headless.yaml b/charts/postgres/templates/service-headless.yaml index 9ae4cfa5..66449928 100644 --- a/charts/postgres/templates/service-headless.yaml +++ b/charts/postgres/templates/service-headless.yaml 
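Review bot: The generated superuser and replication passwords (`$generatedRootPassword`, `$generatedReplicaPassword`) are only 12 characters in a fixed lowercase/mixed letters, digits, uppercase layout, which is far less entropy than a database root credential should carry. A single long draw such as `{{- $generatedRootPassword := randAlphaNum 32 }}`, and the same for the replica password, removes the predictable structure. Separately, the upgrade branch indexes `(lookup "v1" "Secret" ...).data` with no guard, unlike the replication branch below it, which checks `hasKey`. `lookup` returns an empty result under `helm upgrade --dry-run` or when the Secret has been deleted, so the root-password branch should get the same check and fall back to the generated value.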
@@ -1,22 +1,22 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ $.Release.Name }}-postgres-headless - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - - name: metrics-port - port: 2121 - targetPort: 2121 - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $.Release.Name }}-postgres-headless + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + - name: metrics-port + port: 2121 + targetPort: 2121 + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} diff --git a/charts/postgres/templates/service-read.yaml b/charts/postgres/templates/service-read.yaml index f1d956d7..cd402a88 100644 --- a/charts/postgres/templates/service-read.yaml +++ b/charts/postgres/templates/service-read.yaml 
@@ -1,21 +1,21 @@ -{{- if .Values.replication.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ $.Release.Name }}-postgres-read-replica - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - type: ClusterIP - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave -{{- end }} +{{- if .Values.replication.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $.Release.Name }}-postgres-read-replica + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave +{{- end }} diff --git a/charts/postgres/templates/service.yaml b/charts/postgres/templates/service.yaml index 64078bbe..9e2091a9 100644 --- a/charts/postgres/templates/service.yaml +++ b/charts/postgres/templates/service.yaml 
@@ -1,19 +1,19 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ $.Release.Name }}-postgres - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - type: ClusterIP - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $.Release.Name }}-postgres + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} role: master \ No newline at end of file diff --git a/charts/postgres/templates/serviceMonitor.yaml b/charts/postgres/templates/serviceMonitor.yaml index cc8c7335..87632813 100644 --- a/charts/postgres/templates/serviceMonitor.yaml +++ b/charts/postgres/templates/serviceMonitor.yaml 
@@ -1,19 +1,19 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ $.Release.Name }}-postgres - labels: - release: prometheus - app: {{ template "postgresql.name" . }} -spec: - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics-port - interval: 30s - path: /metrics +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ $.Release.Name }}-postgres + labels: + release: prometheus + app: {{ template "postgresql.name" . }} +spec: + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: metrics-port + interval: 30s + path: /metrics diff --git a/charts/postgres/templates/statefulset-slaves.yaml b/charts/postgres/templates/statefulset-slaves.yaml index b6536288..ffeb1f67 100644 --- a/charts/postgres/templates/statefulset-slaves.yaml +++ b/charts/postgres/templates/statefulset-slaves.yaml 
@@ -1,141 +1,141 @@ -{{- if .Values.replication.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ $.Release.Name }}-postgres-read-replica" - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - serviceName: {{ $.Release.Name }}-postgres-headless - replicas: {{ .Values.replication.count }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave - template: - metadata: - name: {{ $.Release.Name }}-postgres - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - role: slave - spec: - securityContext: - fsGroup: 1001 - containers: - - name: postgres-exporter - image: "quay.io/prometheuscommunity/postgres-exporter:v0.17.0" - args: - - "--web.listen-address=:2121" - - "--no-collector.stat_bgwriter" - env: - - name: DATA_SOURCE_USER - value: "postgres" - - name: DATA_SOURCE_URI - value: "localhost:5432/postgres?sslmode=disable" - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-postgres-root-secret - key: postgres-password - ports: - - containerPort: 2121 - name: metrics - resources: - requests: - memory: "128Mi" - cpu: "256m" - limits: - memory: "256Mi" - cpu: "500m" - - - name: {{ $.Release.Name }}-postgres - image: docker.io/bitnami/postgresql:{{ .Values.version }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - securityContext: - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: "replicator" - - name: 
POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-postgres-root-secret - key: postgresql-replication-password - - name: POSTGRES_CLUSTER_APP_NAME - value: "replica_app" - - name: POSTGRES_MASTER_HOST - value: {{ $.Release.Name }}-postgres - - name: POSTGRES_MASTER_PORT_NUMBER - value: "5432" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-postgres-root-secret - key: postgres-password - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - - name: dshm - mountPath: /dev/shm - - name: {{ $.Release.Name }}-persistent-storage - mountPath: /bitnami/postgresql - volumes: - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: {{ $.Release.Name }}-persistent-storage - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.diskSize | quote }} -{{- end }} +{{- if .Values.replication.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ $.Release.Name }}-postgres-read-replica" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . 
}} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + serviceName: {{ $.Release.Name }}-postgres-headless + replicas: {{ .Values.replication.count }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + template: + metadata: + name: {{ $.Release.Name }}-postgres + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: slave + spec: + securityContext: + fsGroup: 1001 + containers: + - name: postgres-exporter + image: "quay.io/prometheuscommunity/postgres-exporter:v0.17.0" + args: + - "--web.listen-address=:2121" + - "--no-collector.stat_bgwriter" + env: + - name: DATA_SOURCE_USER + value: "postgres" + - name: DATA_SOURCE_URI + value: "localhost:5432/postgres?sslmode=disable" + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-postgres-root-secret + key: postgres-password + ports: + - containerPort: 2121 + name: metrics + resources: + requests: + memory: "128Mi" + cpu: "256m" + limits: + memory: "256Mi" + cpu: "500m" + + - name: {{ $.Release.Name }}-postgres + image: docker.io/bitnami/postgresql:{{ .Values.version }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + securityContext: + runAsUser: 1001 + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: "replicator" + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-postgres-root-secret + key: postgresql-replication-password + - name: POSTGRES_CLUSTER_APP_NAME + value: "replica_app" + - name: POSTGRES_MASTER_HOST + value: {{ $.Release.Name 
}}-postgres + - name: POSTGRES_MASTER_PORT_NUMBER + value: "5432" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-postgres-root-secret + key: postgres-password + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: dshm + mountPath: /dev/shm + - name: {{ $.Release.Name }}-persistent-storage + mountPath: /bitnami/postgresql + volumes: + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: {{ $.Release.Name }}-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.diskSize | quote }} +{{- end }} diff --git a/charts/postgres/templates/statefulset.yaml b/charts/postgres/templates/statefulset.yaml index 3219d76d..0df2310f 100644 --- a/charts/postgres/templates/statefulset.yaml +++ b/charts/postgres/templates/statefulset.yaml 
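Review bot: The readiness probe script begins with `exec pg_isready ...`, so the shell is replaced by pg_isready and the `.initialized` file test on the following line never runs. The pod can therefore report ready as soon as the server accepts connections, possibly before the image's initialisation has finished. Dropping `exec` from that first line (`pg_isready -U "postgres" -h 127.0.0.1 -p 5432`) lets `-e` abort on a failed pg_isready and makes the file test the probe's result. The same probe text appears in charts/postgres/templates/statefulset.yaml.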
@@ -1,140 +1,140 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - serviceName: {{ $.Release.Name }}-postgres-headless - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: master - template: - metadata: - name: {{ $.Release.Name }}-postgres - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - role: master - spec: - securityContext: - fsGroup: 1001 - containers: - - name: postgres-exporter - image: "quay.io/prometheuscommunity/postgres-exporter:v0.16.0" - args: - - "--web.listen-address=:2121" - - "--no-collector.stat_bgwriter" - env: - - name: DATA_SOURCE_USER - value: "postgres" - - name: DATA_SOURCE_URI - value: "localhost:5432/postgres?sslmode=disable" - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-postgres-root-secret - key: postgres-password - ports: - - containerPort: 2121 - name: metrics - resources: - requests: - memory: "128Mi" - cpu: "256m" - limits: - memory: "256Mi" - cpu: "500m" - - name: {{ $.Release.Name }}-postgres - image: docker.io/bitnami/postgresql:{{ .Values.version }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - securityContext: - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: "replicator" - - name: 
POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-postgres-root-secret - key: postgresql-replication-password - - name: POSTGRES_CLUSTER_APP_NAME - value: "replica_app" - {{- end }} - - name: POSTGRES_USER - value: "postgres" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-postgres-root-secret - key: postgres-password - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - - name: dshm - mountPath: /dev/shm - - name: {{ $.Release.Name }}-persistent-storage - mountPath: /bitnami/postgresql - volumes: - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - volumeClaimTemplates: - - metadata: - name: {{ $.Release.Name }}-persistent-storage - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.diskSize | quote }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + serviceName: {{ $.Release.Name }}-postgres-headless + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "postgresql.name" . 
}} + release: {{ .Release.Name | quote }} + role: master + template: + metadata: + name: {{ $.Release.Name }}-postgres + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: master + spec: + securityContext: + fsGroup: 1001 + containers: + - name: postgres-exporter + image: "quay.io/prometheuscommunity/postgres-exporter:v0.16.0" + args: + - "--web.listen-address=:2121" + - "--no-collector.stat_bgwriter" + env: + - name: DATA_SOURCE_USER + value: "postgres" + - name: DATA_SOURCE_URI + value: "localhost:5432/postgres?sslmode=disable" + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-postgres-root-secret + key: postgres-password + ports: + - containerPort: 2121 + name: metrics + resources: + requests: + memory: "128Mi" + cpu: "256m" + limits: + memory: "256Mi" + cpu: "500m" + - name: {{ $.Release.Name }}-postgres + image: docker.io/bitnami/postgresql:{{ .Values.version }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + securityContext: + runAsUser: 1001 + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + {{- if .Values.replication.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: "master" + - name: POSTGRES_REPLICATION_USER + value: "replicator" + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-postgres-root-secret + key: postgresql-replication-password + - name: POSTGRES_CLUSTER_APP_NAME + value: "replica_app" + {{- end }} + - name: POSTGRES_USER + value: "postgres" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-postgres-root-secret + key: postgres-password + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + ports: + - name: tcp-postgresql + 
containerPort: 5432 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: dshm + mountPath: /dev/shm + - name: {{ $.Release.Name }}-persistent-storage + mountPath: /bitnami/postgresql + volumes: + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + volumeClaimTemplates: + - metadata: + name: {{ $.Release.Name }}-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.diskSize | quote }} diff --git a/charts/postgres/values.schema.json b/charts/postgres/values.schema.json index 7ee2dd51..73988878 100644 --- a/charts/postgres/values.schema.json +++ b/charts/postgres/values.schema.json 
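Review bot: The `postgres-exporter` sidecar is given the `postgres` superuser password through `DATA_SOURCE_USER` and `DATA_SOURCE_PASS`, so any weakness in the metrics container puts full database control at risk. A dedicated login role that is only a member of `pg_monitor`, stored under its own Secret key, is enough for the exporter; for example `value: "postgres_exporter"` (illustrative name) for `DATA_SOURCE_USER`, with a separate `key:` for its password. charts/postgres/templates/statefulset-slaves.yaml wires the exporter the same way. It also pins `v0.17.0` while this file pins `v0.16.0`, which is worth aligning.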
@@ -1,87 +1,87 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "version": { - "type": "string", - "default": "17.4.0", - "mutable": true - }, - "replication": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "mutable": true - }, - "count": { - "type": "integer", - "default": 1, - "mutable": true - } - }, - "required": ["enabled", "count"] - }, - "diskSize": { - "type": "string", - "default": "10Gi", - "mutable": true, - "editDisabled": true - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "default": "250m", - "mutable": true - }, - "memory": { - "type": "string", - "default": "500Mi", - "mutable": true - } - }, - "required": ["cpu", "memory"] - }, - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "default": "500m", - "mutable": true - }, - "memory": { - "type": "string", - "default": "1000Mi", - "mutable": true - } - }, - "required": ["cpu", "memory"] - } - }, - "required": ["requests", "limits"] - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "database": { - "type": "string" - } - }, - "required": ["name", "database"] - } - } - }, - "required": ["version", "replication", "diskSize", "resources"] +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "version": { + "type": "string", + "default": "17.4.0", + "mutable": true + }, + "replication": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "mutable": true + }, + "count": { + "type": "integer", + "default": 1, + "mutable": true + } + }, + "required": ["enabled", "count"] + }, + "diskSize": { + "type": "string", + "default": "10Gi", + "mutable": true, + "editDisabled": true + }, + "resources": { + "type": 
"object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "default": "250m", + "mutable": true + }, + "memory": { + "type": "string", + "default": "500Mi", + "mutable": true + } + }, + "required": ["cpu", "memory"] + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "default": "500m", + "mutable": true + }, + "memory": { + "type": "string", + "default": "1000Mi", + "mutable": true + } + }, + "required": ["cpu", "memory"] + } + }, + "required": ["requests", "limits"] + }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "database": { + "type": "string" + } + }, + "required": ["name", "database"] + } + } + }, + "required": ["version", "replication", "diskSize", "resources"] } \ No newline at end of file diff --git a/charts/postgres/values.yaml b/charts/postgres/values.yaml index 0479eb79..2422b140 100644 --- a/charts/postgres/values.yaml +++ b/charts/postgres/values.yaml @@ -1,15 +1,15 @@ -version: "17.4.0" - -replication: - enabled: false - count: 1 - -diskSize : "10Gi" - -resources: - requests: - cpu: "250m" - memory: "500Mi" - limits: - cpu: "500m" +version: "17.4.0" + +replication: + enabled: false + count: 1 + +diskSize : "10Gi" + +resources: + requests: + cpu: "250m" + memory: "500Mi" + limits: + cpu: "500m" memory: "1000Mi" \ No newline at end of file diff --git a/charts/redis/Chart.yaml b/charts/redis/Chart.yaml index 9f9834ec..28452f68 100644 --- a/charts/redis/Chart.yaml +++ b/charts/redis/Chart.yaml 
@@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart deploys redis instance -name: redis -version: 0.0.5 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart deploys redis instance +name: redis +version: 0.0.5 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/redis/Readme.md b/charts/redis/Readme.md index fe457bdf..1933d78d 100644 --- a/charts/redis/Readme.md +++ b/charts/redis/Readme.md 
@@ -1,150 +1,150 @@ -# Redis Helm Chart - -The Redis Helm chart provides a simple and efficient way to deploy Redis instances in your Kubernetes cluster. It is optimized for scalability, persistence, and performance, making it suitable for caching, messaging, and data storage workloads. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -Before deploying the Redis chart, add the repository to your Helm installation and update the repository index: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -See [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more information. - ---- - -## Install Helm Chart - -To install the Redis Helm chart, execute the following command: - -```bash -helm install [RELEASE_NAME] zopdev/redis -``` - -Replace `[RELEASE_NAME]` with the desired release name. - -For example: - -```bash -helm install my-redis zopdev/redis -``` - -To customize the deployment, use a custom `values.yaml` file or override values via command-line arguments. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To uninstall the Redis Helm chart and remove all associated Kubernetes resources, use: - -```bash -helm uninstall [RELEASE_NAME] -``` - -For example: - -```bash -helm uninstall my-redis -``` - -See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. - ---- - -## Configuration - -The Redis Helm chart provides a variety of configurable parameters. The table below outlines the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|--------------------------|-----------|--------------------------------------------------------------------------------------------------|-----------------------| -| `image` | `string` | Docker image and tag for the Redis container. 
| `redis:6.2.13` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Redis container. | `"500m"` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the Redis container. | `"256M"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the Redis container can use. | `"1500m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the Redis container can use. | `"1Gi"` | -| `diskSize` | `string` | Size of the persistent volume claim (PVC) for storing Redis data. | `"10Gi"` | -| `updateStrategy.type` | `string` | Update strategy for the deployment. Options: `RollingUpdate` or `Recreate`. | `RollingUpdate` | - -You can override these values in a `values.yaml` file or pass them as flags during installation. - ---- - -### Example `values.yaml` File - -```yaml -diskSize: "10Gi" - -version: "6.2.13" - -# Resource configuration -resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" - memory: "1Gi" -``` - -To use this configuration, save it in a `values.yaml` file and apply it during installation: - -```bash -helm install my-redis zopdev/redis -f values.yaml -``` - ---- - -## Features - -- **Persistence:** Store Redis data across pod restarts using persistent volume claims. -- **Resource Optimization:** Define resource requests and limits to suit your workload and cluster capacity. -- **Rolling Updates:** Ensure zero downtime during updates with the default `RollingUpdate` strategy. -- **Customizable Configurations:** Flexibly tailor the deployment using Helm values. - ---- - -## Advanced Usage - -### Custom Persistent Volume Configuration - -You can customize the persistent volume size and storage class for Redis data by updating the `values.yaml` file: - -```yaml -diskSize: "50Gi" -storageClass: "fast-storage" -``` - -### Scaling Redis - -To scale Redis pods or create replicas, adjust the configuration to enable clustering. 
For example, use a stateful set for Redis replicas or Sentinel for high availability. - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Redis Helm Chart + +The Redis Helm chart provides a simple and efficient way to deploy Redis instances in your Kubernetes cluster. It is optimized for scalability, persistence, and performance, making it suitable for caching, messaging, and data storage workloads. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +Before deploying the Redis chart, add the repository to your Helm installation and update the repository index: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +See [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more information. + +--- + +## Install Helm Chart + +To install the Redis Helm chart, execute the following command: + +```bash +helm install [RELEASE_NAME] zopdev/redis +``` + +Replace `[RELEASE_NAME]` with the desired release name. + +For example: + +```bash +helm install my-redis zopdev/redis +``` + +To customize the deployment, use a custom `values.yaml` file or override values via command-line arguments. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To uninstall the Redis Helm chart and remove all associated Kubernetes resources, use: + +```bash +helm uninstall [RELEASE_NAME] +``` + +For example: + +```bash +helm uninstall my-redis +``` + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. 
+ +--- + +## Configuration + +The Redis Helm chart provides a variety of configurable parameters. The table below outlines the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|--------------------------|-----------|--------------------------------------------------------------------------------------------------|-----------------------| +| `image` | `string` | Docker image and tag for the Redis container. | `redis:6.2.13` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Redis container. | `"500m"` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the Redis container. | `"256M"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the Redis container can use. | `"1500m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the Redis container can use. | `"1Gi"` | +| `diskSize` | `string` | Size of the persistent volume claim (PVC) for storing Redis data. | `"10Gi"` | +| `updateStrategy.type` | `string` | Update strategy for the deployment. Options: `RollingUpdate` or `Recreate`. | `RollingUpdate` | + +You can override these values in a `values.yaml` file or pass them as flags during installation. + +--- + +### Example `values.yaml` File + +```yaml +diskSize: "10Gi" + +version: "6.2.13" + +# Resource configuration +resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" + memory: "1Gi" +``` + +To use this configuration, save it in a `values.yaml` file and apply it during installation: + +```bash +helm install my-redis zopdev/redis -f values.yaml +``` + +--- + +## Features + +- **Persistence:** Store Redis data across pod restarts using persistent volume claims. +- **Resource Optimization:** Define resource requests and limits to suit your workload and cluster capacity. +- **Rolling Updates:** Ensure zero downtime during updates with the default `RollingUpdate` strategy. 
+- **Customizable Configurations:** Flexibly tailor the deployment using Helm values. + +--- + +## Advanced Usage + +### Custom Persistent Volume Configuration + +You can customize the persistent volume size and storage class for Redis data by updating the `values.yaml` file: + +```yaml +diskSize: "50Gi" +storageClass: "fast-storage" +``` + +### Scaling Redis + +To scale Redis pods or create replicas, adjust the configuration to enable clustering. For example, use a stateful set for Redis replicas or Sentinel for high availability. + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/redis/templates/alerts.yaml b/charts/redis/templates/alerts.yaml index 28c54f32..7223a703 100644 --- a/charts/redis/templates/alerts.yaml +++ b/charts/redis/templates/alerts.yaml 
@@ -1,49 +1,49 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Release.Name }}-redis.rules - rules: - - alert: RedisDown - expr: redis_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} == 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'All Redis instances of {{ .Release.Name }} are down' - description: 'Redis instance of {{ .Release.Name }} are down' - - - alert: RedisTooManyConnections - expr: redis_connected_clients{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} / redis_config_maxclients{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} * 100 > 90 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Redis instance {{ .Release.Name }} has too many connections' - description: 'More than 90% of Redis connections are in use for {{ .Release.Name }}' - - - alert: RedisRejectedConnections - expr: increase(redis_rejected_connections_total{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"}[1m]) > 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Redis instance {{ .Release.Name }} is rejecting connections' +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus +spec: + groups: + - name: {{ .Release.Namespace }}.{{ 
.Release.Name }}-redis.rules + rules: + - alert: RedisDown + expr: redis_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} == 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'All Redis instances of {{ .Release.Name }} are down' + description: 'Redis instance of {{ .Release.Name }} are down' + + - alert: RedisTooManyConnections + expr: redis_connected_clients{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} / redis_config_maxclients{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} * 100 > 90 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Redis instance {{ .Release.Name }} has too many connections' + description: 'More than 90% of Redis connections are in use for {{ .Release.Name }}' + + - alert: RedisRejectedConnections + expr: increase(redis_rejected_connections_total{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"}[1m]) > 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Redis instance {{ .Release.Name }} is rejecting connections' description: 'Some Redis connections were rejected in {{ .Release.Name }}' \ No newline at end of file diff --git a/charts/redis/templates/configmap.yaml b/charts/redis/templates/configmap.yaml index ef0f6bf8..55d45c7d 100644 --- a/charts/redis/templates/configmap.yaml +++ b/charts/redis/templates/configmap.yaml 
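Review bot: The `service: {{ .Values.name }}` label on all three rules reads a value that this chart's values.yaml and values.schema.json (both re-added in this diff) never define, so the label renders empty unless the installer always passes `name`. Alert routing or grouping keyed on `service` would then silently miss these Redis alerts. A fallback such as `service: {{ .Values.name | default .Release.Name | quote }}` keeps the label populated. `generation: 1` under `metadata` is maintained by the API server and can be dropped from the template.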
@@ -1,20 +1,20 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ .Release.Name }}-redis-configmap" - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/component: master -data: - master.conf: | - bind 0.0.0.0 - protected-mode yes - port 6379 - tcp-backlog 511 - timeout 0 - tcp-keepalive 300 - daemonize no - supervised no - pidfile /var/run/redis_6379.pid - loglevel notice +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Release.Name }}-redis-configmap" + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: master +data: + master.conf: | + bind 0.0.0.0 + protected-mode yes + port 6379 + tcp-backlog 511 + timeout 0 + tcp-keepalive 300 + daemonize no + supervised no + pidfile /var/run/redis_6379.pid + loglevel notice logfile "" \ No newline at end of file diff --git a/charts/redis/templates/headless-svc.yaml b/charts/redis/templates/headless-svc.yaml index 47df0a38..fb2eb6fc 100644 --- a/charts/redis/templates/headless-svc.yaml +++ b/charts/redis/templates/headless-svc.yaml @@ -1,19 +1,19 @@ -apiVersion: v1 -kind: Service -metadata: - name: "{{ .Release.Name }}-redis-headless-service" - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/component: master -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-redis - port: 6379 - targetPort: 6379 - - name: metrics-port - port: 2121 - targetPort: 2121 - selector: +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Release.Name }}-redis-headless-service" + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: master +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: 6379 + - name: metrics-port + port: 2121 + targetPort: 2121 + selector: app: {{ .Release.Name }}-redis \ No newline at end of file diff --git a/charts/redis/templates/service-config-map.yaml b/charts/redis/templates/service-config-map.yaml index 2817a54d..91fa0edb 100644 
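Review bot: `bind 0.0.0.0` in master.conf is not paired with `requirepass` or any ACL, so every workload that can reach port 6379 gets unauthenticated access to the data. `protected-mode yes` does not compensate: in Redis 6.2, the chart's default version, protected mode is only enforced when there is no explicit `bind` directive and no password. The hunk covers the whole 20-line file, so no auth directive exists elsewhere in it. Supply the password from a Kubernetes Secret rather than this ConfigMap, and limit ingress to port 6379 with a NetworkPolicy to the clients that need it.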
--- a/charts/redis/templates/service-config-map.yaml +++ b/charts/redis/templates/service-config-map.yaml @@ -1,11 +1,11 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ .Release.Name }}-redis-service-configmap" - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/component: master -data: - REDIS_PORT: "6379" - REDIS_HOST: "{{ .Release.Name }}-redis-headless-service" +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Release.Name }}-redis-service-configmap" + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: master +data: + REDIS_PORT: "6379" + REDIS_HOST: "{{ .Release.Name }}-redis-headless-service" REDIS_URL: {{ printf "redis://%s-redis-headless-service:6379" .Release.Name }} \ No newline at end of file diff --git a/charts/redis/templates/serviceMonitor.yaml b/charts/redis/templates/serviceMonitor.yaml index 8055d69f..7450d315 100644 --- a/charts/redis/templates/serviceMonitor.yaml +++ b/charts/redis/templates/serviceMonitor.yaml @@ -1,15 +1,15 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ .Release.Name }}-redis - labels: - app: {{ .Release.Name }}-redis - release: prometheus -spec: - selector: - matchLabels: - app.kubernetes.io/component: master - endpoints: - - port: metrics-port - interval: 30s +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-redis + labels: + app: {{ .Release.Name }}-redis + release: prometheus +spec: + selector: + matchLabels: + app.kubernetes.io/component: master + endpoints: + - port: metrics-port + interval: 30s path: /metrics \ No newline at end of file diff --git a/charts/redis/templates/statefulset.yaml b/charts/redis/templates/statefulset.yaml index 1155300b..b31eecf2 100644 --- a/charts/redis/templates/statefulset.yaml +++ b/charts/redis/templates/statefulset.yaml 
@@ -1,93 +1,93 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ .Release.Name }}-redis - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/part-of: redis - app: {{ .Release.Name }}-redis -spec: - replicas: 1 - serviceName: "{{ .Release.Name }}-redis-headless-service" - selector: - matchLabels: - app.kubernetes.io/part-of: redis - app: {{ .Release.Name }}-redis - updateStrategy: - type: "RollingUpdate" - template: - metadata: - labels: - app.kubernetes.io/part-of: redis - app: {{ .Release.Name }}-redis - spec: - containers: - - name: redis - image: "redis:{{ .Values.version}}" - resources: - requests: - memory: {{ .Values.resources.requests.memory }} - cpu: {{ .Values.resources.requests.cpu}} - limits: - memory: {{ .Values.resources.limits.memory }} - cpu: {{ .Values.resources.limits.cpu }} - env: - - name: REDIS_PORT - value: "6379" - ports: - - containerPort: 3306 - livenessProbe: - exec: - command: - - redis-cli - - ping - initialDelaySeconds: 30 - periodSeconds: 10 - readinessProbe: - exec: - command: - - redis-cli - - ping - initialDelaySeconds: 5 - periodSeconds: 10 - - - volumeMounts: - - name: {{.Release.Name }}-redis-persistent-storage - mountPath: /var/lib/redis - - - name: redis-exporter - image: oliver006/redis_exporter:v1.74.0 - ports: - - containerPort: 2121 - name: metrics - env: - - name: REDIS_ADDR - value: "redis://localhost:6379" - - name: REDIS_EXPORTER_DEBUG - value: "true" - - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: ":2121" - - name: REDIS_EXPORTER_EXCLUDE_LATENCY_HISTOGRAM_METRICS - value: "true" - resources: - requests: - memory: "50Mi" - cpu: "10m" - limits: - memory: "100Mi" - cpu: "50m" - - volumes: - - name: redis-config - configMap: - name: "{{ .Release.Name }}-redis-configmap" - volumeClaimTemplates: - - metadata: - name: {{.Release.Name }}-redis-persistent-storage - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.diskSize }} +apiVersion: apps/v1 +kind: 
StatefulSet +metadata: + name: {{ .Release.Name }}-redis + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/part-of: redis + app: {{ .Release.Name }}-redis +spec: + replicas: 1 + serviceName: "{{ .Release.Name }}-redis-headless-service" + selector: + matchLabels: + app.kubernetes.io/part-of: redis + app: {{ .Release.Name }}-redis + updateStrategy: + type: "RollingUpdate" + template: + metadata: + labels: + app.kubernetes.io/part-of: redis + app: {{ .Release.Name }}-redis + spec: + containers: + - name: redis + image: "redis:{{ .Values.version}}" + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu}} + limits: + memory: {{ .Values.resources.limits.memory }} + cpu: {{ .Values.resources.limits.cpu }} + env: + - name: REDIS_PORT + value: "6379" + ports: + - containerPort: 3306 + livenessProbe: + exec: + command: + - redis-cli + - ping + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + exec: + command: + - redis-cli + - ping + initialDelaySeconds: 5 + periodSeconds: 10 + + + volumeMounts: + - name: {{.Release.Name }}-redis-persistent-storage + mountPath: /var/lib/redis + + - name: redis-exporter + image: oliver006/redis_exporter:v1.74.0 + ports: + - containerPort: 2121 + name: metrics + env: + - name: REDIS_ADDR + value: "redis://localhost:6379" + - name: REDIS_EXPORTER_DEBUG + value: "true" + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: ":2121" + - name: REDIS_EXPORTER_EXCLUDE_LATENCY_HISTOGRAM_METRICS + value: "true" + resources: + requests: + memory: "50Mi" + cpu: "10m" + limits: + memory: "100Mi" + cpu: "50m" + + volumes: + - name: redis-config + configMap: + name: "{{ .Release.Name }}-redis-configmap" + volumeClaimTemplates: + - metadata: + name: {{.Release.Name }}-redis-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.diskSize }} 
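Review bot: No container in this StatefulSet mounts the `redis-config` volume and the `redis` container sets no `command` or `args`, so the `master.conf` shipped in the chart's ConfigMap is never loaded and Redis starts with the image defaults. The same container declares `containerPort: 3306` although `REDIS_PORT`, the exporter's `REDIS_ADDR` and the headless service all use 6379. Mount the ConfigMap read-only, start `redis-server` with that file and correct the port; the mount path in the sketch below is a constructed example. Separately, `REDIS_EXPORTER_DEBUG` is `"true"`, which is worth turning off outside troubleshooting.

```yaml
        - name: redis
          # constructed example path; must match the mountPath below
          command: ["redis-server", "/etc/redis/master.conf"]
          # … unchanged: image, resources, env …
          ports:
            - containerPort: 6379
          # … unchanged: livenessProbe, readinessProbe …
          volumeMounts:
            # … unchanged: persistent-storage mount …
            - name: redis-config
              mountPath: /etc/redis
              readOnly: true
```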
diff --git a/charts/redis/values.schema.json b/charts/redis/values.schema.json
index 0dd051b6..cdac1339 100644
--- a/charts/redis/values.schema.json
+++ b/charts/redis/values.schema.json
@@ -1,51 +1,51 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": ["name"] - } - }, - "diskSize": { - "type": "string", - "pattern": "^[0-9]+Gi$", - "default": "10Gi", - "mutable": true, - "editDisabled": true - }, - "version": { - "type": "string" - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { "type": "string" , "pattern": "^[0-9]+m$", "default": "500m", "mutable": "true"}, - "memory": { "type": "string" , "pattern": "^[0-9]+M$", "default": "256M", "mutable": "true"} - }, - "required": ["cpu", "memory"] - }, - "limits": { - "type": "object", - "properties": { - "cpu": { "type": "string" , "pattern": "^[0-9]+m$", "default": "1500m", "mutable": "true"}, - "memory": { "type": "string", "pattern": "^[0-9]+Gi$", "default": "1024M", "mutable": "true"} - }, - "required": ["cpu", "memory"] - } - }, - "required": ["requests", "limits"] - } - }, - "required": ["diskSize", "version", "resources"] -} +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": ["name"] + } + }, + "diskSize": { + "type": "string", + "pattern": "^[0-9]+Gi$", + "default": "10Gi", + "mutable": true, + "editDisabled": true + }, + "version": { + "type": "string" + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { "type": "string" , "pattern": "^[0-9]+m$", "default": "500m", "mutable": "true"}, + "memory": { "type": "string" , "pattern": "^[0-9]+M$", "default": "256M", "mutable": "true"} + }, + "required": ["cpu", "memory"] + }, + "limits": { + "type": "object", + "properties": { + "cpu": { 
"type": "string" , "pattern": "^[0-9]+m$", "default": "1500m", "mutable": "true"}, + "memory": { "type": "string", "pattern": "^[0-9]+Gi$", "default": "1024M", "mutable": "true"} + }, + "required": ["cpu", "memory"] + } + }, + "required": ["requests", "limits"] + } + }, + "required": ["diskSize", "version", "resources"] +} diff --git a/charts/redis/values.yaml b/charts/redis/values.yaml index a5961f2c..4a3d3e65 100644 --- a/charts/redis/values.yaml +++ b/charts/redis/values.yaml @@ -1,12 +1,12 @@ -diskSize: "10Gi" - -version: "6.2.13" - -# Resource configuration -resources: - requests: - cpu: "500m" - memory: "256M" - limits: - cpu: "1500m" +diskSize: "10Gi" + +version: "6.2.13" + +# Resource configuration +resources: + requests: + cpu: "500m" + memory: "256M" + limits: + cpu: "1500m" memory: "1Gi" \ No newline at end of file diff --git a/charts/redisdistributed/Chart.yaml b/charts/redisdistributed/Chart.yaml index 5bbabcf2..8a599802 100644 --- a/charts/redisdistributed/Chart.yaml +++ b/charts/redisdistributed/Chart.yaml @@ -1,11 +1,11 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart deploys redis distributed instance -name: redisdistributed -version: 0.0.9 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart deploys redis distributed instance +name: redisdistributed +version: 0.0.9 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/redisdistributed/README.md b/charts/redisdistributed/README.md index db033e83..52128d47 100644 --- a/charts/redisdistributed/README.md +++ b/charts/redisdistributed/README.md 
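Review bot: In values.schema.json, `resources.limits.memory` has the pattern `^[0-9]+Gi$` but the default `1024M`, so the schema's own default fails its validation, while values.yaml uses `1Gi`. Changing it to `"default": "1Gi"` makes the two agree. `mutable` is the boolean `true` on `diskSize` but the string `"true"` on the four resource fields, so a consumer that type-checks the flag would treat them differently. `version` is only `"type": "string"` and is interpolated into `image: "redis:{{ .Values.version}}"` in the StatefulSet, so a tag-shaped `pattern` on it would reject unexpected values before they reach the image reference.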
@@ -1,191 +1,191 @@ -# Redis Distributed Helm Chart - -This Helm chart deploys a Distributed Redis cluster on Kubernetes with master-slave replication, high availability, and monitoring capabilities. Below is a detailed guide to the configuration options available. - ---- - -## Prerequisites -- Kubernetes 1.19+ -- Helm 3.0+ -- Prometheus Operator (for monitoring and alerts) - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the Redis Distributed Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/redisdistributed -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-redis-distributed zopdev/redisdistributed -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the Redis Distributed Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-redis-distributed -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The table below outlines the essential global configuration options. For specific master and slave configurations, refer to their respective sections below. - -### Global Configuration -| Input | Type | Description | Default | -|----------------------|---------|--------------------------------------------|----------------------------| -| `image.registry` | String | Docker registry for the Redis image. | `docker.io` | -| `image.repository` | String | Repository for the Redis image. 
| `redis` | -| `image.tag` | String | Redis image tag. | `6.2.13` | -| `image.pullPolicy` | String | Image pull policy. | `IfNotPresent` | - ---- - -### Master Configuration - -| Input | Type | Description | Default | -|------------------------------------|---------|------------------------------------------------|------------------| -| `master.resources.requests.cpu` | String | CPU request for the Redis master. | `"100m"` | -| `master.resources.requests.memory` | String | Memory request for the Redis master. | `"500Mi"` | -| `master.resources.limits.cpu` | String | CPU limit for the Redis master. | `"500m"` | -| `master.resources.limits.memory` | String | Memory limit for the Redis master. | `"1000Mi"` | -| `master.persistence.size` | String | Persistent storage size for the master. | `"10Gi"` | -| `master.livenessProbe.enabled` | Bool | Enable liveness probe for the master. | `true` | -| `master.livenessProbe.initialDelaySeconds`| Int| Initial delay for the master liveness probe. | `30` | -| `master.readinessProbe.enabled` | Bool | Enable readiness probe for the master. | `true` | -| `master.readinessProbe.initialDelaySeconds`| Int| Initial delay for the master readiness probe. | `10` | -| `master.service.type` | String | Service type for the master pod. | `ClusterIP` | -| `master.service.port` | Int | Port exposed by the master service. | `6379` | - ---- - -### Slave Configuration - -| Input | Type | Description | Default | -|------------------------------------|---------|------------------------------------------------|------------------| -| `slave.enable` | Bool | Enable slave deployment. | `true` | -| `slave.count` | Int | Number of Redis slave replicas. | `1` | -| `slave.resources.requests.cpu` | String | CPU request for Redis slave pods. | `"100m"` | -| `slave.resources.requests.memory` | String | Memory request for Redis slave pods. | `"500Mi"` | -| `slave.resources.limits.cpu` | String | CPU limit for Redis slave pods. 
| `"500m"` | -| `slave.resources.limits.memory` | String | Memory limit for Redis slave pods. | `"1000Mi"` | -| `slave.persistence.size` | String | Persistent storage size for slaves. | `"10Gi"` | -| `slave.livenessProbe.enabled` | Bool | Enable liveness probe for the slave pods. | `true` | -| `slave.livenessProbe.initialDelaySeconds`| Int | Initial delay for slave liveness probe. | `30` | -| `slave.readinessProbe.enabled` | Bool | Enable readiness probe for the slave pods. | `true` | -| `slave.readinessProbe.initialDelaySeconds`| Int| Initial delay for slave readiness probe. | `10` | -| `slave.service.type` | String | Service type for slave pods. | `ClusterIP` | -| `slave.service.port` | Int | Port exposed by the slave service. | `6379` | - ---- - -## Example `values.yaml` - -```yaml -version: "6.2.13" - -master: - resources: - requests: - cpu: "100m" - memory: "500Mi" - limits: - cpu: "500m" - memory: "1000Mi" - - persistence: - size: 10Gi - -slave: - enable : true - count: 1 - resources: - requests: - cpu: "100m" - memory: "500Mi" - limits: - cpu: "500m" - memory: "1000Mi" - - persistence: - size: 10Gi -``` - ---- - -## Features -- Deploy Redis master-slave architecture with high availability on Kubernetes. -- Configurable master and slave resources, persistence, and scaling options. -- Built-in health monitoring with liveness and readiness probes. -- Automatic failover and replication management for data reliability. -- Comprehensive monitoring with Redis Exporter and Prometheus integration. -- Customizable service types and ports for flexible networking. -- Rolling updates with zero downtime for seamless deployments. -- Persistent storage for both master and slave nodes. - ---- - -## Monitoring - -The chart includes a Redis Exporter container that exposes metrics on port 2121. These metrics are automatically collected by Prometheus when using the Prometheus Operator. 
- -Key metrics include: -- Redis instance information -- Connected slaves count -- Memory usage -- Command statistics -- Replication status -- Connection metrics - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Redis Distributed Helm Chart + +This Helm chart deploys a Distributed Redis cluster on Kubernetes with master-slave replication, high availability, and monitoring capabilities. Below is a detailed guide to the configuration options available. + +--- + +## Prerequisites +- Kubernetes 1.19+ +- Helm 3.0+ +- Prometheus Operator (for monitoring and alerts) + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the Redis Distributed Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/redisdistributed +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-redis-distributed zopdev/redisdistributed +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the Redis Distributed Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-redis-distributed +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. 
+ +--- + +## Configuration + +The table below outlines the essential global configuration options. For specific master and slave configurations, refer to their respective sections below. + +### Global Configuration +| Input | Type | Description | Default | +|----------------------|---------|--------------------------------------------|----------------------------| +| `image.registry` | String | Docker registry for the Redis image. | `docker.io` | +| `image.repository` | String | Repository for the Redis image. | `redis` | +| `image.tag` | String | Redis image tag. | `6.2.13` | +| `image.pullPolicy` | String | Image pull policy. | `IfNotPresent` | + +--- + +### Master Configuration + +| Input | Type | Description | Default | +|------------------------------------|---------|------------------------------------------------|------------------| +| `master.resources.requests.cpu` | String | CPU request for the Redis master. | `"100m"` | +| `master.resources.requests.memory` | String | Memory request for the Redis master. | `"500Mi"` | +| `master.resources.limits.cpu` | String | CPU limit for the Redis master. | `"500m"` | +| `master.resources.limits.memory` | String | Memory limit for the Redis master. | `"1000Mi"` | +| `master.persistence.size` | String | Persistent storage size for the master. | `"10Gi"` | +| `master.livenessProbe.enabled` | Bool | Enable liveness probe for the master. | `true` | +| `master.livenessProbe.initialDelaySeconds`| Int| Initial delay for the master liveness probe. | `30` | +| `master.readinessProbe.enabled` | Bool | Enable readiness probe for the master. | `true` | +| `master.readinessProbe.initialDelaySeconds`| Int| Initial delay for the master readiness probe. | `10` | +| `master.service.type` | String | Service type for the master pod. | `ClusterIP` | +| `master.service.port` | Int | Port exposed by the master service. 
| `6379` | + +--- + +### Slave Configuration + +| Input | Type | Description | Default | +|------------------------------------|---------|------------------------------------------------|------------------| +| `slave.enable` | Bool | Enable slave deployment. | `true` | +| `slave.count` | Int | Number of Redis slave replicas. | `1` | +| `slave.resources.requests.cpu` | String | CPU request for Redis slave pods. | `"100m"` | +| `slave.resources.requests.memory` | String | Memory request for Redis slave pods. | `"500Mi"` | +| `slave.resources.limits.cpu` | String | CPU limit for Redis slave pods. | `"500m"` | +| `slave.resources.limits.memory` | String | Memory limit for Redis slave pods. | `"1000Mi"` | +| `slave.persistence.size` | String | Persistent storage size for slaves. | `"10Gi"` | +| `slave.livenessProbe.enabled` | Bool | Enable liveness probe for the slave pods. | `true` | +| `slave.livenessProbe.initialDelaySeconds`| Int | Initial delay for slave liveness probe. | `30` | +| `slave.readinessProbe.enabled` | Bool | Enable readiness probe for the slave pods. | `true` | +| `slave.readinessProbe.initialDelaySeconds`| Int| Initial delay for slave readiness probe. | `10` | +| `slave.service.type` | String | Service type for slave pods. | `ClusterIP` | +| `slave.service.port` | Int | Port exposed by the slave service. | `6379` | + +--- + +## Example `values.yaml` + +```yaml +version: "6.2.13" + +master: + resources: + requests: + cpu: "100m" + memory: "500Mi" + limits: + cpu: "500m" + memory: "1000Mi" + + persistence: + size: 10Gi + +slave: + enable : true + count: 1 + resources: + requests: + cpu: "100m" + memory: "500Mi" + limits: + cpu: "500m" + memory: "1000Mi" + + persistence: + size: 10Gi +``` + +--- + +## Features +- Deploy Redis master-slave architecture with high availability on Kubernetes. +- Configurable master and slave resources, persistence, and scaling options. +- Built-in health monitoring with liveness and readiness probes. 
+- Automatic failover and replication management for data reliability. +- Comprehensive monitoring with Redis Exporter and Prometheus integration. +- Customizable service types and ports for flexible networking. +- Rolling updates with zero downtime for seamless deployments. +- Persistent storage for both master and slave nodes. + +--- + +## Monitoring + +The chart includes a Redis Exporter container that exposes metrics on port 2121. These metrics are automatically collected by Prometheus when using the Prometheus Operator. + +Key metrics include: +- Redis instance information +- Connected slaves count +- Memory usage +- Command statistics +- Replication status +- Connection metrics + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/redisdistributed/templates/alerts.yaml b/charts/redisdistributed/templates/alerts.yaml index da070549..e5f543a8 100644 --- a/charts/redisdistributed/templates/alerts.yaml +++ b/charts/redisdistributed/templates/alerts.yaml 
@@ -1,96 +1,96 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ .Release.Name }}-redis
- namespace: {{ .Release.Namespace }}
- labels:
- app: kube-prometheus-stack
- heritage: Helm
- release: prometheus
-spec:
- groups:
- - name: {{ .Release.Namespace }}.{{ .Release.Name }}-redis.rules
- rules:
- - alert: RedisMissingMaster
- expr: (count(redis_instance_info{role="master"}) or vector(0)) < 1
- for: 0m
- labels:
- severity: critical
- servicealert: "true"
- namespace: {{ .Release.Namespace }}
- service: {{ .Values.name }}
- annotations:
- summary: 'Redis instance {{ .Release.Name }} missing master'
- description: 'Redis instance {{ .Release.Name }} has no node marked as master'
-
- - alert: RedisTooManyMasters
- expr: count(redis_instance_info{role="master"}) > 1
- for: 0m
- labels:
- severity: critical
- servicealert: "true"
- namespace: {{ .Release.Namespace }}
- service: {{ .Values.name }}
- annotations:
- summary: 'Redis instance {{ .Release.Name }} has too many masters'
- description: 'Redis instance {{ .Release.Name }} has more than one master node'
-
- - alert: RedisDisconnectedSlaves
- expr: count without (instance, job) (redis_connected_slaves) - sum without (instance, job) (redis_connected_slaves) - 1 > 0
- for: 0m
- labels:
- severity: critical
- servicealert: "true"
- namespace: {{ .Release.Namespace }}
- service: {{ .Values.name }}
- annotations:
- summary: 'Redis instance {{ .Release.Name }} has disconnected slaves'
- description: 'Redis instance {{ .Release.Name }} is not replicating to all slaves'
-
- - alert: RedisReplicationBroken
- expr: delta(redis_connected_slaves[1m]) < 0
- for: 0m
- labels:
- severity: critical
- servicealert: "true"
- namespace: {{ .Release.Namespace }}
- service: {{ .Values.name }}
- annotations:
- summary: 'Redis instance {{ .Release.Name }} replication broken'
- description: 'Redis instance {{ .Release.Name }} lost a slave'
-
- - alert: RedisClusterFlapping
- expr: changes(redis_connected_slaves[1m]) > 1
- for: 2m
- labels:
- severity: critical
- servicealert: "true"
- namespace: {{ .Release.Namespace }}
- service: {{ .Values.name }}
- annotations:
- summary: 'Redis instance {{ .Release.Name }} cluster flapping'
- description: 'Redis instance {{ .Release.Name }} is experiencing frequent replica connection changes'
-
- - alert: RedisRejectedConnections
- expr: increase(redis_rejected_connections_total[1m]) > 0
- for: 0m
- labels:
- severity: critical
- servicealert: "true"
- namespace: {{ .Release.Namespace }}
- service: {{ .Values.name }}
- annotations:
- summary: 'Redis instance {{ .Release.Name }} rejected connections'
- description: 'Redis instance {{ .Release.Name }} has rejected one or more connections'
-
- - alert: RedisDown
- expr: redis_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} == 0
- for: 0m
- labels:
- severity: critical
- servicealert: "true"
- namespace: {{ .Release.Namespace }}
- service: {{ .Values.name }}
- annotations:
- summary: 'Redis instance {{ .Release.Name }} is down'
- description: 'Redis instance {{ .Release.Name }} is not reachable'
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ .Release.Name }}-redis
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: kube-prometheus-stack
+ heritage: Helm
+ release: prometheus
+spec:
+ groups:
+ - name: {{ .Release.Namespace }}.{{ .Release.Name }}-redis.rules
+ rules:
+ - alert: RedisMissingMaster
+ expr: (count(redis_instance_info{role="master"}) or vector(0)) < 1
+ for: 0m
+ labels:
+ severity: critical
+ servicealert: "true"
+ namespace: {{ .Release.Namespace }}
+ service: {{ .Values.name }}
+ annotations:
+ summary: 'Redis instance {{ .Release.Name }} missing master'
+ description: 'Redis instance {{ .Release.Name }} has no node marked as master'
+
+ - alert: RedisTooManyMasters
+ expr: count(redis_instance_info{role="master"}) > 1
+ for: 0m
+ labels:
+ severity: critical
+ servicealert: "true"
+ namespace: {{ .Release.Namespace }}
+ service: {{ .Values.name }}
+ annotations:
+ summary: 'Redis instance {{ .Release.Name }} has too many masters'
+ description: 'Redis instance {{ .Release.Name }} has more than one master node'
+
+ - alert: RedisDisconnectedSlaves
+ expr: count without (instance, job) (redis_connected_slaves) - sum without (instance, job) (redis_connected_slaves) - 1 > 0
+ for: 0m
+ labels:
+ severity: critical
+ servicealert: "true"
+ namespace: {{ .Release.Namespace }}
+ service: {{ .Values.name }}
+ annotations:
+ summary: 'Redis instance {{ .Release.Name }} has disconnected slaves'
+ description: 'Redis instance {{ .Release.Name }} is not replicating to all slaves'
+
+ - alert: RedisReplicationBroken
+ expr: delta(redis_connected_slaves[1m]) < 0
+ for: 0m
+ labels:
+ severity: critical
+ servicealert: "true"
+ namespace: {{ .Release.Namespace }}
+ service: {{ .Values.name }}
+ annotations:
+ summary: 'Redis instance {{ .Release.Name }} replication broken'
+ description: 'Redis instance {{ .Release.Name }} lost a slave'
+
+ - alert: RedisClusterFlapping
+ expr: changes(redis_connected_slaves[1m]) > 1
+ for: 2m
+ labels:
+ severity: critical
+ servicealert: "true"
+ namespace: {{ .Release.Namespace }}
+ service: {{ .Values.name }}
+ annotations:
+ summary: 'Redis instance {{ .Release.Name }} cluster flapping'
+ description: 'Redis instance {{ .Release.Name }} is experiencing frequent replica connection changes'
+
+ - alert: RedisRejectedConnections
+ expr: increase(redis_rejected_connections_total[1m]) > 0
+ for: 0m
+ labels:
+ severity: critical
+ servicealert: "true"
+ namespace: {{ .Release.Namespace }}
+ service: {{ .Values.name }}
+ annotations:
+ summary: 'Redis instance {{ .Release.Name }} rejected connections'
+ description: 'Redis instance {{ .Release.Name }} has rejected one or more connections'
+
+ - alert: RedisDown
+ expr: redis_up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-redis-.*"} == 0
+ for: 0m
+ labels:
+ severity: critical
+ servicealert: "true"
+ namespace: {{ .Release.Namespace }}
+ service: {{ .Values.name }}
+ annotations:
+ summary: 'Redis instance {{ .Release.Name }} is down'
+ description: 'Redis instance {{ .Release.Name }} is not reachable'
diff --git a/charts/redisdistributed/templates/configmap.yaml b/charts/redisdistributed/templates/configmap.yaml
index aefac0ba..b926d9db 100644
--- a/charts/redisdistributed/templates/configmap.yaml
+++ b/charts/redisdistributed/templates/configmap.yaml
@@ -1,16 +1,16 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ .Release.Name }}-redis-configmap"
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app.kubernetes.io/component: master
-data:
- master.conf: |
- dir /data
- rename-command FLUSHDB ""
- rename-command FLUSHALL ""
-
- replica.conf: |
- dir /data
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ .Release.Name }}-redis-configmap"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app.kubernetes.io/component: master
+data:
+ master.conf: |
+ dir /data
+ rename-command FLUSHDB ""
+ rename-command FLUSHALL ""
+
+ replica.conf: |
+ dir /data
 slave-read-only yes
\ No newline at end of file
diff --git a/charts/redisdistributed/templates/headless-svc.yaml b/charts/redisdistributed/templates/headless-svc.yaml
index 8428b6fa..e99a4414 100644
--- a/charts/redisdistributed/templates/headless-svc.yaml
+++ b/charts/redisdistributed/templates/headless-svc.yaml
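Review bot: Most of the rule expressions in alerts.yaml are not scoped to the release they are rendered for: `count(redis_instance_info{role="master"})` in RedisMissingMaster and RedisTooManyMasters, and every `redis_connected_slaves` / `redis_rejected_connections_total` expression, aggregate over all Redis exporters the Prometheus instance scrapes, while only RedisDown filters on `namespace` and `instance`. With a second release installed, RedisTooManyMasters would fire permanently and RedisMissingMaster would stay silent when one release loses its master, so a real outage can go undetected. Adding at least a namespace matcher, e.g. `redis_instance_info{role="master", namespace="{{ .Release.Namespace }}"}`, plus a label that identifies the release, would tie each alert to its own deployment; this assumes the scrape path attaches a `namespace` label, which RedisDown already relies on.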
@@ -1,20 +1,20 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ .Release.Name }}-redis-headless-service"
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: "{{ .Release.Name }}-redisdistributed-master"
- app.kubernetes.io/component: master
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: redis
- port: 6379
- targetPort: 6379
- - name: metrics-port
- port: 2121
- targetPort: 2121
- selector:
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}-redis-headless-service"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: "{{ .Release.Name }}-redisdistributed-master"
+ app.kubernetes.io/component: master
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: redis
+ port: 6379
+ targetPort: 6379
+ - name: metrics-port
+ port: 2121
+ targetPort: 2121
+ selector:
 app: "{{ .Release.Name }}-redisdistributed-master"
\ No newline at end of file
diff --git a/charts/redisdistributed/templates/service-config-map.yaml b/charts/redisdistributed/templates/service-config-map.yaml
index 7e15bbda..2099bc14 100644
--- a/charts/redisdistributed/templates/service-config-map.yaml
+++ b/charts/redisdistributed/templates/service-config-map.yaml
@@ -1,11 +1,11 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ .Release.Name }}-redis-values-configmap"
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app.kubernetes.io/component: master
-data:
- REDIS_PORT: "6379"
- REDIS_HOST: "{{ .Release.Name }}-redis-headless-service"
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ .Release.Name }}-redis-values-configmap"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app.kubernetes.io/component: master
+data:
+ REDIS_PORT: "6379"
+ REDIS_HOST: "{{ .Release.Name }}-redis-headless-service"
 REDIS_URL: {{ printf "redis://%s-redis-headless-service:6379" .Release.Name }}
\ No newline at end of file
diff --git a/charts/redisdistributed/templates/serviceMonitor.yaml b/charts/redisdistributed/templates/serviceMonitor.yaml
index 0053e1cd..f3f50810 100644
--- a/charts/redisdistributed/templates/serviceMonitor.yaml
+++ b/charts/redisdistributed/templates/serviceMonitor.yaml
@@ -1,14 +1,14 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ .Release.Name }}-redis
- labels:
- release: prometheus
-spec:
- selector:
- matchLabels:
- app: "{{ .Release.Name }}-redisdistributed"
- endpoints:
- - port: metrics-port
- interval: 30s
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ .Release.Name }}-redis
+ labels:
+ release: prometheus
+spec:
+ selector:
+ matchLabels:
+ app: "{{ .Release.Name }}-redisdistributed"
+ endpoints:
+ - port: metrics-port
+ interval: 30s
 path: /metrics
\ No newline at end of file
diff --git a/charts/redisdistributed/templates/statefulset-master.yaml b/charts/redisdistributed/templates/statefulset-master.yaml
index 758064ad..5a9dcfaf 100644
--- a/charts/redisdistributed/templates/statefulset-master.yaml
+++ b/charts/redisdistributed/templates/statefulset-master.yaml
@@ -1,109 +1,109 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ .Release.Name }}-redisdistributed-master
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/part-of: redis
- app: "{{ .Release.Name }}-redisdistributed-master"
-spec:
- replicas: 1
- serviceName: "{{ .Release.Name }}-redis-headless-service"
- selector:
- matchLabels:
- app.kubernetes.io/part-of: redis
- app: "{{ .Release.Name }}-redisdistributed-master"
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- app.kubernetes.io/part-of: redis
- app: "{{ .Release.Name }}-redisdistributed-master"
- spec:
- containers:
- - name: redis
- image: "redis:{{ .Values.version }}"
- command:
- - /bin/bash
- - -c
- - |
- if [[ ! -f /etc/redis/master.conf ]];then
- cp /etc/redis/mounted-etc/master.conf /etc/redis/master.conf
- fi
- ARGS=("--port" "${REDIS_PORT}")
- ARGS+=("--protected-mode" "no")
- ARGS+=("--include" "/etc/redis/master.conf")
- redis-server "${ARGS[@]}"
- resources:
- requests:
- memory: {{ .Values.master.resources.requests.memory }}
- cpu: {{ .Values.master.resources.requests.cpu }}
- limits:
- memory: {{ .Values.master.resources.limits.memory }}
- cpu: {{ .Values.master.resources.limits.cpu }}
- env:
- - name: REDIS_REPLICATION_MODE
- value: master
- - name: REDIS_PORT
- value: "6379"
- ports:
- - name: redis
- containerPort: 6379
- livenessProbe:
- exec:
- command:
- - redis-cli
- - ping
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
- readinessProbe:
- exec:
- command:
- - redis-cli
- - ping
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
- volumeMounts:
- - name: {{ .Release.Name }}-redis-persistent-storage
- mountPath: /data
- - name: redis-config
- mountPath: /etc/redis/mounted-etc
- - name: redis-exporter
- image: oliver006/redis_exporter:v1.74.0
- ports:
- - containerPort: 2121
- name: metrics
- env:
- - name: REDIS_ADDR
- value: "redis://localhost:6379"
- - name: REDIS_EXPORTER_DEBUG
- value: "true"
- - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
- value: ":2121"
- - name: REDIS_EXPORTER_EXCLUDE_LATENCY_HISTOGRAM_METRICS
- value: "true"
- resources:
- requests:
- memory: "50Mi"
- cpu: "10m"
- limits:
- memory: "100Mi"
- cpu: "50m"
- volumes:
- - name: redis-config
- configMap:
- name: "{{ .Release.Name }}-redis-configmap"
- volumeClaimTemplates:
- - metadata:
- name: {{ .Release.Name }}-redis-persistent-storage
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ .Release.Name }}-redisdistributed-master
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/part-of: redis
+ app: "{{ .Release.Name }}-redisdistributed-master"
+spec:
+ replicas: 1
+ serviceName: "{{ .Release.Name }}-redis-headless-service"
+ selector:
+ matchLabels:
+ app.kubernetes.io/part-of: redis
+ app: "{{ .Release.Name }}-redisdistributed-master"
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: redis
+ app: "{{ .Release.Name }}-redisdistributed-master"
+ spec:
+ containers:
+ - name: redis
+ image: "redis:{{ .Values.version }}"
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ ! -f /etc/redis/master.conf ]];then
+ cp /etc/redis/mounted-etc/master.conf /etc/redis/master.conf
+ fi
+ ARGS=("--port" "${REDIS_PORT}")
+ ARGS+=("--protected-mode" "no")
+ ARGS+=("--include" "/etc/redis/master.conf")
+ redis-server "${ARGS[@]}"
+ resources:
+ requests:
+ memory: {{ .Values.master.resources.requests.memory }}
+ cpu: {{ .Values.master.resources.requests.cpu }}
+ limits:
+ memory: {{ .Values.master.resources.limits.memory }}
+ cpu: {{ .Values.master.resources.limits.cpu }}
+ env:
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ - name: REDIS_PORT
+ value: "6379"
+ ports:
+ - name: redis
+ containerPort: 6379
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ volumeMounts:
+ - name: {{ .Release.Name }}-redis-persistent-storage
+ mountPath: /data
+ - name: redis-config
+ mountPath: /etc/redis/mounted-etc
+ - name: redis-exporter
+ image: oliver006/redis_exporter:v1.74.0
+ ports:
+ - containerPort: 2121
+ name: metrics
+ env:
+ - name: REDIS_ADDR
+ value: "redis://localhost:6379"
+ - name: REDIS_EXPORTER_DEBUG
+ value: "true"
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: ":2121"
+ - name: REDIS_EXPORTER_EXCLUDE_LATENCY_HISTOGRAM_METRICS
+ value: "true"
+ resources:
+ requests:
+ memory: "50Mi"
+ cpu: "10m"
+ limits:
+ memory: "100Mi"
+ cpu: "50m"
+ volumes:
+ - name: redis-config
+ configMap:
+ name: "{{ .Release.Name }}-redis-configmap"
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ .Release.Name }}-redis-persistent-storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
 storage: {{ .Values.master.persistence.size }}
\ No newline at end of file
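Review bot: `ARGS+=("--protected-mode" "no")` in the redis container's start script turns protected mode off, and neither this command nor the `master.conf` mounted from configmap.yaml sets `requirepass` or an ACL file, so every workload that can reach port 6379 on the headless service gets unauthenticated read/write access to the data; statefulset-slave.yaml carries the same flag. A password sourced from a Secret and passed as `ARGS+=("--requirepass" "${REDIS_PASSWORD}")` (`REDIS_PASSWORD` is a placeholder name), with `--masterauth` on the replicas and matching credentials for the `redis-cli ping` probes and the exporter's `REDIS_ADDR`, would close that, and a NetworkPolicy limiting ingress to the intended clients is a useful second layer. `REDIS_EXPORTER_DEBUG` set to `"true"` in the redis-exporter sidecar is also better left off in a default install, since the debug log may echo more connection detail than an operator expects.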
diff --git a/charts/redisdistributed/templates/statefulset-slave.yaml b/charts/redisdistributed/templates/statefulset-slave.yaml
index 434743cd..f4f61cfe 100644
--- a/charts/redisdistributed/templates/statefulset-slave.yaml
+++ b/charts/redisdistributed/templates/statefulset-slave.yaml
@@ -1,120 +1,120 @@
-{{- if .Values.slave.enable }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ .Release.Name }}-redisdistributed-slave
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/part-of: redis
- app: "{{ .Release.Name }}-redisdistributed"
-spec:
- replicas: {{ .Values.slave.count }}
- serviceName: "{{ .Release.Name }}-redis-headless-service"
- selector:
- matchLabels:
- app.kubernetes.io/part-of: redis
- app: "{{ .Release.Name }}-redisdistributed"
- updateStrategy:
- type: "RollingUpdate"
- template:
- metadata:
- labels:
- app.kubernetes.io/part-of: redis
- app: "{{ .Release.Name }}-redisdistributed"
- spec:
- containers:
- - name: redis
- image: "redis:{{ .Values.version }}"
- command:
- - /bin/bash
- - -c
- - |
- if [[ ! -f /etc/redis/replica.conf ]]; then
- cp /etc/redis/mounted-etc/replica.conf /etc/redis/replica.conf
- fi
- until redis-cli -h "${REDIS_MASTER_HOST}" -p "${REDIS_MASTER_PORT_NUMBER}" ping; do
- echo "Waiting for Redis master to be available..."
- sleep 5
- done
- ARGS=("--port" "${REDIS_PORT}")
- ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
- ARGS+=("--protected-mode" "no")
- ARGS+=("--include" "/etc/redis/replica.conf")
- redis-server "${ARGS[@]}"
- resources:
- requests:
- memory: {{ .Values.slave.resources.requests.memory }}
- cpu: {{ .Values.slave.resources.requests.cpu }}
- limits:
- memory: {{ .Values.slave.resources.limits.memory }}
- cpu: {{ .Values.slave.resources.limits.cpu }}
- env:
- - name: REDIS_REPLICATION_MODE
- value: slave
- - name: REDIS_MASTER_HOST
- value: "{{ .Release.Name }}-redis-headless-service"
- - name: REDIS_PORT
- value: "6379"
- - name: REDIS_MASTER_PORT_NUMBER
- value: "6379"
- ports:
- - name: redis
- containerPort: 6379
- livenessProbe:
- exec:
- command:
- - redis-cli
- - ping
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
- readinessProbe:
- exec:
- command:
- - redis-cli
- - ping
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
- volumeMounts:
- - name: {{ .Release.Name }}-redis-persistent-storage
- mountPath: /data
- - name: redis-config
- mountPath: /etc/redis/mounted-etc
- - name: redis-exporter
- image: oliver006/redis_exporter:v1.74.0
- ports:
- - containerPort: 2121
- name: metrics
- env:
- - name: REDIS_ADDR
- value: "redis://localhost:6379"
- - name: REDIS_EXPORTER_DEBUG
- value: "true"
- - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
- value: ":2121"
- - name: REDIS_EXPORTER_EXCLUDE_LATENCY_HISTOGRAM_METRICS
- value: "true"
- resources:
- requests:
- memory: "50Mi"
- cpu: "10m"
- limits:
- memory: "100Mi"
- cpu: "50m"
- volumes:
- - name: redis-config
- configMap:
- name: "{{ .Release.Name }}-redis-configmap"
- volumeClaimTemplates:
- - metadata:
- name: {{ .Release.Name }}-redis-persistent-storage
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.slave.persistence.size }}
+{{- if .Values.slave.enable }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ .Release.Name }}-redisdistributed-slave
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/part-of: redis
+ app: "{{ .Release.Name }}-redisdistributed"
+spec:
+ replicas: {{ .Values.slave.count }}
+ serviceName: "{{ .Release.Name }}-redis-headless-service"
+ selector:
+ matchLabels:
+ app.kubernetes.io/part-of: redis
+ app: "{{ .Release.Name }}-redisdistributed"
+ updateStrategy:
+ type: "RollingUpdate"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: redis
+ app: "{{ .Release.Name }}-redisdistributed"
+ spec:
+ containers:
+ - name: redis
+ image: "redis:{{ .Values.version }}"
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ ! -f /etc/redis/replica.conf ]]; then
+ cp /etc/redis/mounted-etc/replica.conf /etc/redis/replica.conf
+ fi
+ until redis-cli -h "${REDIS_MASTER_HOST}" -p "${REDIS_MASTER_PORT_NUMBER}" ping; do
+ echo "Waiting for Redis master to be available..."
+ sleep 5
+ done
+ ARGS=("--port" "${REDIS_PORT}")
+ ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+ ARGS+=("--protected-mode" "no")
+ ARGS+=("--include" "/etc/redis/replica.conf")
+ redis-server "${ARGS[@]}"
+ resources:
+ requests:
+ memory: {{ .Values.slave.resources.requests.memory }}
+ cpu: {{ .Values.slave.resources.requests.cpu }}
+ limits:
+ memory: {{ .Values.slave.resources.limits.memory }}
+ cpu: {{ .Values.slave.resources.limits.cpu }}
+ env:
+ - name: REDIS_REPLICATION_MODE
+ value: slave
+ - name: REDIS_MASTER_HOST
+ value: "{{ .Release.Name }}-redis-headless-service"
+ - name: REDIS_PORT
+ value: "6379"
+ - name: REDIS_MASTER_PORT_NUMBER
+ value: "6379"
+ ports:
+ - name: redis
+ containerPort: 6379
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ volumeMounts:
+ - name: {{ .Release.Name }}-redis-persistent-storage
+ mountPath: /data
+ - name: redis-config
+ mountPath: /etc/redis/mounted-etc
+ - name: redis-exporter
+ image: oliver006/redis_exporter:v1.74.0
+ ports:
+ - containerPort: 2121
+ name: metrics
+ env:
+ - name: REDIS_ADDR
+ value: "redis://localhost:6379"
+ - name: REDIS_EXPORTER_DEBUG
+ value: "true"
+ - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+ value: ":2121"
+ - name: REDIS_EXPORTER_EXCLUDE_LATENCY_HISTOGRAM_METRICS
+ value: "true"
+ resources:
+ requests:
+ memory: "50Mi"
+ cpu: "10m"
+ limits:
+ memory: "100Mi"
+ cpu: "50m"
+ volumes:
+ - name: redis-config
+ configMap:
+ name: "{{ .Release.Name }}-redis-configmap"
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ .Release.Name }}-redis-persistent-storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.slave.persistence.size }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/redisdistributed/values.schema.json b/charts/redisdistributed/values.schema.json
index 3a91d314..67f6d34f 100644
--- a/charts/redisdistributed/values.schema.json
+++ b/charts/redisdistributed/values.schema.json
@@ -1,145 +1,145 @@
-{
- "$schema": "http://json-schema.org/draft-07/schema#",
- "type": "object",
- "properties": {
- "version": {
- "type": "string",
- "default": "6.2.13"
- },
- "services": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string"
- }
- },
- "required": ["name"]
- }
- },
- "master": {
- "type": "object",
- "properties": {
- "resources": {
- "type": "object",
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "mutable": true,
- "default": "100m"
- },
- "memory": {
- "type": "string",
- "mutable": true,
- "default": "500Mi"
- }
- },
- "required": ["cpu", "memory"]
- },
- "limits": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "mutable": true,
- "default": "500m"
- },
- "memory": {
- "type": "string",
- "mutable": true,
- "default": "1000Mi"
- }
- },
- "required": ["cpu", "memory"]
- }
- },
- "required": ["requests", "limits"]
- },
- "persistence": {
- "type": "object",
- "properties": {
- "size": {
- "type": "string",
- "mutable": true,
- "default": "10Gi",
- "editDisabled": true
- }
- },
- "required": ["size"]
- }
- },
- "required": ["resources", "persistence"]
- },
- "slave": {
- "type": "object",
- "properties": {
- "enable": {
- "type": "boolean",
- "mutable": true,
- "default": true
- },
- "count": {
- "type": "integer",
- "mutable": true,
- "default": 1
- },
- "resources": {
- "type": "object",
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "mutable": true,
- "default": "100m"
- },
- "memory": {
- "type": "string",
- "mutable": true,
- "default": "500Mi"
- }
- },
- "required": ["cpu", "memory"]
- },
- "limits": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "mutable": true,
- "default": "500m"
- },
- "memory": {
- "type": "string",
- "mutable": true,
- "default": "1000Mi"
- }
- },
- "required": ["cpu", "memory"]
- }
- },
- "required": ["requests", "limits"]
- },
- "persistence": {
- "type": "object",
- "properties": {
- "size": {
- "type": "string",
- "mutable": true,
- "default": "10Gi",
- "editDisabled": true
- }
- },
- "required": ["size"]
- }
- },
- "required": ["enable", "count", "resources", "persistence"]
- }
- },
- "required": ["version", "master", "slave"]
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "type": "object",
+ "properties": {
+ "version": {
+ "type": "string",
+ "default": "6.2.13"
+ },
+ "services": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ },
+ "required": ["name"]
+ }
+ },
+ "master": {
+ "type": "object",
+ "properties": {
+ "resources": {
+ "type": "object",
+ "properties": {
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "mutable": true,
+ "default": "100m"
+ },
+ "memory": {
+ "type": "string",
+ "mutable": true,
+ "default": "500Mi"
+ }
+ },
+ "required": ["cpu", "memory"]
+ },
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "mutable": true,
+ "default": "500m"
+ },
+ "memory": {
+ "type": "string",
+ "mutable": true,
+ "default": "1000Mi"
+ }
+ },
+ "required": ["cpu", "memory"]
+ }
+ },
+ "required": ["requests", "limits"]
+ },
+ "persistence": {
+ "type": "object",
+ "properties": {
+ "size": {
+ "type": "string",
+ "mutable": true,
+ "default": "10Gi",
+ "editDisabled": true
+ }
+ },
+ "required": ["size"]
+ }
+ },
+ "required": ["resources", "persistence"]
+ },
+ "slave": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean",
+ "mutable": true,
+ "default": true
+ },
+ "count": {
+ "type": "integer",
+ "mutable": true,
+ "default": 1
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "mutable": true,
+ "default": "100m"
+ },
+ "memory": {
+ "type": "string",
+ "mutable": true,
+ "default": "500Mi"
+ }
+ },
+ "required": ["cpu", "memory"]
+ },
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "mutable": true,
+ "default": "500m"
+ },
+ "memory": {
+ "type": "string",
+ "mutable": true,
+ "default": "1000Mi"
+ }
+ },
+ "required": ["cpu", "memory"]
+ }
+ },
+ "required": ["requests", "limits"]
+ },
+ "persistence": {
+ "type": "object",
+ "properties": {
+ "size": {
+ "type": "string",
+ "mutable": true,
+ "default": "10Gi",
+ "editDisabled": true
+ }
+ },
+ "required": ["size"]
+ }
+ },
+ "required": ["enable", "count", "resources", "persistence"]
+ }
+ },
+ "required": ["version", "master", "slave"]
 }
\ No newline at end of file
diff --git a/charts/redisdistributed/values.yaml b/charts/redisdistributed/values.yaml
index 01fb6eda..0cbdb0f5 100644
--- a/charts/redisdistributed/values.yaml
+++ b/charts/redisdistributed/values.yaml
@@ -1,27 +1,27 @@
-version: "6.2.13"
-
-master:
- resources:
- requests:
- cpu: "100m"
- memory: "500Mi"
- limits:
- cpu: "500m"
- memory: "1000Mi"
-
- persistence:
- size: 10Gi
-
-slave:
- enable : true
- count: 1
- resources:
- requests:
- cpu: "100m"
- memory: "500Mi"
- limits:
- cpu: "500m"
- memory: "1000Mi"
-
- persistence:
+version: "6.2.13"
+
+master:
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "500Mi"
+ limits:
+ cpu: "500m"
+ memory: "1000Mi"
+
+ persistence:
+ size: 10Gi
+
+slave:
+ enable : true
+ count: 1
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "500Mi"
+ limits:
+ cpu: "500m"
+ memory: "1000Mi"
+
+ persistence:
 size: 10Gi
\ No newline at end of file
diff --git a/charts/scylladb/Chart.yaml b/charts/scylladb/Chart.yaml
index 8b2551cc..21970d42 100644
--- a/charts/scylladb/Chart.yaml
+++ b/charts/scylladb/Chart.yaml
@@ -1,9 +1,9 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Helm chart for deploying ScyllaDB
-name: scylladb
-version: 0.0.1
-icon: "https://zop.dev/logo.png"
-maintainers:
- - name: ZopDev
+apiVersion: v1
+appVersion: "1.0"
+description: Helm chart for deploying ScyllaDB
+name: scylladb
+version: 0.0.1
+icon: "https://zop.dev/logo.png"
+maintainers:
+ - name: ZopDev
 url: zop.dev
\ No newline at end of file
diff --git a/charts/scylladb/README.md b/charts/scylladb/README.md
index 632c7097..bdceb78b 100644
--- a/charts/scylladb/README.md
+++ b/charts/scylladb/README.md
@@ -1,148 +1,148 @@ -# ScyllaDB Helm Chart - -This Helm chart deploys a ScyllaDB cluster on Kubernetes with high performance and scalability. ScyllaDB is a highly-performant NoSQL database compatible with Apache Cassandra, designed for high throughput and low latency. - ---- - -## Prerequisites -- Kubernetes 1.19+ -- Helm 3.0+ - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the ScyllaDB Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/scylladb -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-scylladb zopdev/scylladb -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the ScyllaDB Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-scylladb -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The ScyllaDB Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|--------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `image` | `string` | Docker image and tag for the ScyllaDB container. | `scylladb/scylla:latest` | -| `pullPolicy` | `string` | Image pull policy for the ScyllaDB container. 
| `IfNotPresent` | -| `config.cluster_name` | `string` | Name of the ScyllaDB cluster. | `"Cluster"` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the ScyllaDB container. | `"1Gi"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the ScyllaDB container. | `"500m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the ScyllaDB container can use. | `"2Gi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the ScyllaDB container can use. | `"1000m"` | -| `diskSize` | `string` | Size of the persistent volume for storing ScyllaDB data. | `"10Gi"` | -| `scylladbRootPassword` | `string` | Root password for ScyllaDB authentication. | `""` (auto-generated)| - -You can override these values in a `values.yaml` file or via the command line during installation. - ---- - -## Example `values.yaml` - -```yaml -image: "scylladb/scylla:latest" -pullPolicy: IfNotPresent - -resources: - requests: - memory: "1Gi" - cpu: "500m" - limits: - memory: "2Gi" - cpu: "1000m" - -diskSize: "10Gi" - -config: - cluster_name: "MyCluster" - -scylladbRootPassword: "my-secure-password" - -services: -``` - ---- - -## Features -- Deploy ScyllaDB cluster with high performance and scalability. -- Automatic system tuning for optimal performance. -- Built-in authentication and authorization. -- Persistent storage with configurable disk size. -- Health monitoring with liveness and readiness probes. -- Prometheus metrics integration for monitoring. -- Automatic seed node configuration for cluster formation. -- Configurable resource limits and requests. 
- ---- - -## Architecture - -The ScyllaDB deployment includes: -- StatefulSet for stable network identities and persistent storage -- Service for cluster communication -- ConfigMap for ScyllaDB configuration -- Secret for secure password storage -- Init container for system tuning -- Health checks for monitoring - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# ScyllaDB Helm Chart + +This Helm chart deploys a ScyllaDB cluster on Kubernetes with high performance and scalability. ScyllaDB is a highly-performant NoSQL database compatible with Apache Cassandra, designed for high throughput and low latency. + +--- + +## Prerequisites +- Kubernetes 1.19+ +- Helm 3.0+ + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the ScyllaDB Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/scylladb +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-scylladb zopdev/scylladb +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. 
+ +--- + +## Uninstall Helm Chart + +To remove the ScyllaDB Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-scylladb +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The ScyllaDB Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|--------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `image` | `string` | Docker image and tag for the ScyllaDB container. | `scylladb/scylla:latest` | +| `pullPolicy` | `string` | Image pull policy for the ScyllaDB container. | `IfNotPresent` | +| `config.cluster_name` | `string` | Name of the ScyllaDB cluster. | `"Cluster"` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the ScyllaDB container. | `"1Gi"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the ScyllaDB container. | `"500m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the ScyllaDB container can use. | `"2Gi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the ScyllaDB container can use. | `"1000m"` | +| `diskSize` | `string` | Size of the persistent volume for storing ScyllaDB data. | `"10Gi"` | +| `scylladbRootPassword` | `string` | Root password for ScyllaDB authentication. | `""` (auto-generated)| + +You can override these values in a `values.yaml` file or via the command line during installation. 
+ +--- + +## Example `values.yaml` + +```yaml +image: "scylladb/scylla:latest" +pullPolicy: IfNotPresent + +resources: + requests: + memory: "1Gi" + cpu: "500m" + limits: + memory: "2Gi" + cpu: "1000m" + +diskSize: "10Gi" + +config: + cluster_name: "MyCluster" + +scylladbRootPassword: "my-secure-password" + +services: +``` + +--- + +## Features +- Deploy ScyllaDB cluster with high performance and scalability. +- Automatic system tuning for optimal performance. +- Built-in authentication and authorization. +- Persistent storage with configurable disk size. +- Health monitoring with liveness and readiness probes. +- Prometheus metrics integration for monitoring. +- Automatic seed node configuration for cluster formation. +- Configurable resource limits and requests. + +--- + +## Architecture + +The ScyllaDB deployment includes: +- StatefulSet for stable network identities and persistent storage +- Service for cluster communication +- ConfigMap for ScyllaDB configuration +- Secret for secure password storage +- Init container for system tuning +- Health checks for monitoring + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/scylladb/templates/configmap.yaml b/charts/scylladb/templates/configmap.yaml index ac2696e6..9d578002 100644 --- a/charts/scylladb/templates/configmap.yaml +++ b/charts/scylladb/templates/configmap.yaml 
@@ -1,13 +1,13 @@
-{{- range $index, $service := .Values.services }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name }}-scylladb-configmap
- namespace: {{ $.Release.Namespace }}
-data:
- SCYLLADB_HOST: {{ $.Release.Name }}-scylladb
- SCYLLADB_KEYSPACE: "{{ $service.database }}"
- SCYLLADB_PORT: "9042"
- SCYLLADB_USERNAME: "{{ $service.name }}-user"
----
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name }}-scylladb-configmap
+ namespace: {{ $.Release.Namespace }}
+data:
+ SCYLLADB_HOST: {{ $.Release.Name }}-scylladb
+ SCYLLADB_KEYSPACE: "{{ $service.database }}"
+ SCYLLADB_PORT: "9042"
+ SCYLLADB_USERNAME: "{{ $service.name }}-user"
+---
 {{- end }}
\ No newline at end of file
diff --git a/charts/scylladb/templates/database-pod.yaml b/charts/scylladb/templates/database-pod.yaml
index 8bde6602..e6c93242 100644
--- a/charts/scylladb/templates/database-pod.yaml
+++ b/charts/scylladb/templates/database-pod.yaml
@@ -1,35 +1,35 @@
-{{- range $index, $service := .Values.services }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ $.Release.Name }}-{{ $service.name }}-scylladb-init
- namespace: {{ $.Release.Namespace }}
-spec:
- containers:
- - name: scylladb-init
- image: {{ $.Values.image }}
- command:
- - /bin/bash
- - -c
- - |
- until cqlsh -u superuser -p $SCYLLADB_PASSWORD {{ $.Release.Name }}-scylladb; do
- echo "Waiting for ScyllaDB to be ready..."
- sleep 5
- done
- cqlsh -u superuser -p $SCYLLADB_PASSWORD {{ $.Release.Name }}-scylladb -e "SOURCE '/etc/config/init-schema.cql';"
- env:
- - name: SCYLLADB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $.Release.Name }}-scylladb-database-secret
- key: pod_password
- volumeMounts:
- - name: script-volume
- mountPath: /etc/config
- volumes:
- - name: script-volume
- configMap:
- name: {{ $.Release.Name }}-{{ $service.name }}-init-script
- restartPolicy: OnFailure
----
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ $.Release.Name }}-{{ $service.name }}-scylladb-init
+ namespace: {{ $.Release.Namespace }}
+spec:
+ containers:
+ - name: scylladb-init
+ image: {{ $.Values.image }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ until cqlsh -u superuser -p $SCYLLADB_PASSWORD {{ $.Release.Name }}-scylladb; do
+ echo "Waiting for ScyllaDB to be ready..."
+ sleep 5
+ done
+ cqlsh -u superuser -p $SCYLLADB_PASSWORD {{ $.Release.Name }}-scylladb -e "SOURCE '/etc/config/init-schema.cql';"
+ env:
+ - name: SCYLLADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-scylladb-database-secret
+ key: pod_password
+ volumeMounts:
+ - name: script-volume
+ mountPath: /etc/config
+ volumes:
+ - name: script-volume
+ configMap:
+ name: {{ $.Release.Name }}-{{ $service.name }}-init-script
+ restartPolicy: OnFailure
+---
 {{- end}}
\ No newline at end of file
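Review bot: Both `cqlsh` calls in the `scylladb-init` container of `database-pod.yaml` pass the superuser password as `-p $SCYLLADB_PASSWORD`, so it shows up in the container's process arguments and, being unquoted, is word-split by bash when it contains spaces or glob characters. At minimum quote the expansion, `-p "$SCYLLADB_PASSWORD"`, and if the image's cqlsh can read credentials from a cqlshrc file, prefer that so the secret stays off the command line. The `scylla-superuser-creation` job in `user-job.yaml` has the same pattern with `-p ${SCYLLA_PASSWORD}`. A comment above the `env:` entry should also state that every per-service init pod runs with the cluster superuser secret (`pod_password`), not the service's own credentials.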
diff --git a/charts/scylladb/templates/database-secret.yaml b/charts/scylladb/templates/database-secret.yaml
index ac4f5647..c78ec527 100644
--- a/charts/scylladb/templates/database-secret.yaml
+++ b/charts/scylladb/templates/database-secret.yaml
@@ -1,11 +1,11 @@
-{{- range $index, $service := .Values.services }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name}}-scylladb-database-secret
- namespace: {{ $.Release.Namespace }}
-type: Opaque
-data:
- SCYLLADB_PASSWORD: {{ $service.password | b64enc }}
----
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name}}-scylladb-database-secret
+ namespace: {{ $.Release.Namespace }}
+type: Opaque
+data:
+ SCYLLADB_PASSWORD: {{ $service.password | b64enc }}
+---
 {{- end }}
\ No newline at end of file
diff --git a/charts/scylladb/templates/init-script-config-map.yaml b/charts/scylladb/templates/init-script-config-map.yaml
index f1370e15..16c671ed 100644
--- a/charts/scylladb/templates/init-script-config-map.yaml
+++ b/charts/scylladb/templates/init-script-config-map.yaml
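Review bot: In `database-secret.yaml`, `SCYLLADB_PASSWORD: {{ $service.password | b64enc }}` has no guard for a service entry without a password, so a missing value either fails rendering with an opaque type error or ends up as an empty credential. Failing early with a clear message is safer: `SCYLLADB_PASSWORD: {{ required "services[].password must be set" $service.password | b64enc | quote }}`. `secret.yaml` has the same gap for `.Values.scylladbRootPassword`, which `values.yaml` leaves empty while the README table describes the default as auto-generated; nothing in the templates shown here generates one.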
@@ -1,16 +1,16 @@
-{{- range $index, $service := .Values.services }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ $.Release.Name }}-{{ $service.name }}-init-script
- namespace: {{ $.Release.Namespace }}
-data:
- init-schema.cql: |
- CREATE KEYSPACE IF NOT EXISTS "{{ $service.database }}"
- WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 3};
-
- USE "{{ $service.database }}";
- CREATE ROLE IF NOT EXISTS "{{ $service.name }}-user" WITH PASSWORD = '{{ $service.password }}' AND LOGIN = true;
- GRANT ALL PERMISSIONS ON KEYSPACE "{{ $service.database }}" TO "{{ $service.name }}-user";
----
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $.Release.Name }}-{{ $service.name }}-init-script
+ namespace: {{ $.Release.Namespace }}
+data:
+ init-schema.cql: |
+ CREATE KEYSPACE IF NOT EXISTS "{{ $service.database }}"
+ WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 3};
+
+ USE "{{ $service.database }}";
+ CREATE ROLE IF NOT EXISTS "{{ $service.name }}-user" WITH PASSWORD = '{{ $service.password }}' AND LOGIN = true;
+ GRANT ALL PERMISSIONS ON KEYSPACE "{{ $service.database }}" TO "{{ $service.name }}-user";
+---
 {{- end }}
\ No newline at end of file
diff --git a/charts/scylladb/templates/secret.yaml b/charts/scylladb/templates/secret.yaml
index 0ca44fbb..9d617f4a 100644
--- a/charts/scylladb/templates/secret.yaml
+++ b/charts/scylladb/templates/secret.yaml
@@ -1,8 +1,8 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $.Release.Name }}-scylladb-database-secret
- namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $.Release.Name }}-scylladb-database-secret
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
 pod_password: {{ .Values.scylladbRootPassword | b64enc }}
\ No newline at end of file
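Review bot: The `CREATE ROLE` line of `init-schema.cql` in `init-script-config-map.yaml` renders `{{ $service.password }}` in clear text into a ConfigMap, so anyone who can read ConfigMaps in the namespace can read every service password, even though `database-secret.yaml` stores the same value in a Secret. Render the script into a Secret instead (`kind: Secret` with `stringData:`) and mount it in `database-pod.yaml` through a `secret:` volume. The value is also placed unescaped inside a single-quoted CQL literal, so a password containing `'` breaks or changes the statement; `'{{ $service.password | replace "'" "''" }}'` doubles the quote.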
diff --git a/charts/scylladb/templates/service.yaml b/charts/scylladb/templates/service.yaml
index 5c113c46..07fa1e56 100644
--- a/charts/scylladb/templates/service.yaml
+++ b/charts/scylladb/templates/service.yaml
@@ -1,14 +1,14 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $.Release.Name }}-scylladb
- labels:
- app: {{ $.Release.Name }}-scylladb
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - port: 9042
- targetPort: 9042
- selector:
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $.Release.Name }}-scylladb
+ labels:
+ app: {{ $.Release.Name }}-scylladb
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - port: 9042
+ targetPort: 9042
+ selector:
 app: {{ $.Release.Name }}-scylladb
\ No newline at end of file
diff --git a/charts/scylladb/templates/statefulset.yaml b/charts/scylladb/templates/statefulset.yaml
index 413f42ef..ef1931e6 100644
--- a/charts/scylladb/templates/statefulset.yaml
+++ b/charts/scylladb/templates/statefulset.yaml
@@ -1,113 +1,113 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ $.Release.Name }}-scylladb - labels: - app: {{ $.Release.Name }}-scylladb -spec: - replicas: 1 - serviceName: {{ $.Release.Name }}-scylladb - selector: - matchLabels: - app: {{ $.Release.Name }}-scylladb - template: - metadata: - labels: - app: {{ $.Release.Name }}-scylladb - spec: - initContainers: - - name: sysctl-tune - image: busybox:1.35.0-uclibc - command: - - "sh" - - "-c" - - "sysctl -w fs.aio-max-nr=524288" - securityContext: - privileged: true - containers: - - name: scylladb - image: {{ .Values.image }} - imagePullPolicy: {{ .Values.pullPolicy }} - command: ["/bin/bash", "-c", "--"] - args: - - | - sed -i "s/#cluster_name: .*/cluster_name: '${CLUSTER_NAME}'/" /etc/scylla/scylla.yaml - sed -i 's/# data_file_directories:/data_file_directories:/' /etc/scylla/scylla.yaml - sed -i 's/# - \/var\/lib\/scylla\/data/ - \/var\/lib\/scylla\/data/' /etc/scylla/scylla.yaml - sed -i 's/# commitlog_directory: \/var\/lib\/scylla\/commitlog/commitlog_directory: \/var\/lib\/scylla\/commitlog/' /etc/scylla/scylla.yaml - - # Modify the seeds in scylla.yaml by replacing "127.0.0.1" with the SCYLLA_SEEDS value - sed -i "s/seeds: \"127.0.0.1\"/seeds: '${SCYLLA_SEEDS}'/" /etc/scylla/scylla.yaml - - # Modify Authenticator and Authorizer - sed -i "s/# authenticator: AllowAllAuthenticator/authenticator: '${SCYLLA_AUTHENTICATOR}'/" /etc/scylla/scylla.yaml - sed -i "s/# authorizer: AllowAllAuthorizer/authorizer: '${SCYLLA_AUTHORIZER}'/" /etc/scylla/scylla.yaml - - # Modify listen_address to the Helm release name - sed -i "s/listen_address: localhost/listen_address: '{{ .Release.Name }}-scylladb-0'/" /etc/scylla/scylla.yaml - - # Modify rpc_address to listen on all interfaces - sed -i "s/rpc_address: localhost/rpc_address: '0.0.0.0'/" /etc/scylla/scylla.yaml - - # Set broadcast_rpc_address to Helm release name for correct node discovery - sed -i "s/# broadcast_rpc_address: 1.2.3.4/broadcast_rpc_address: 
'{{ .Release.Name }}-scylladb-0'/" /etc/scylla/scylla.yaml - - # Enable Prometheus metrics on port 9180 - sed -i 's/# prometheus_port: 9180/prometheus_port: 9180/' /etc/scylla/scylla.yaml - # Start ScyllaDB in the background - exec /docker-entrypoint.py - ports: - - containerPort: 9042 - resources: - requests: - memory: {{ .Values.resources.requests.memory }} - cpu: {{ .Values.resources.requests.cpu }} - limits: - memory: {{ .Values.resources.limits.memory }} - cpu: {{ .Values.resources.limits.cpu }} - env: - - name: SCYLLA_SEEDS - value: "{{ $.Release.Name }}-scylladb-0.{{ $.Release.Name }}-scylladb.{{ $.Release.Namespace }}.svc.cluster.local" - - name: SCYLLA_AUTHENTICATOR - value: "PasswordAuthenticator" - - name: SCYLLA_AUTHORIZER - value: "CassandraAuthorizer" - - name: CLUSTER_NAME - value: "Cluster" - - name: SCYLLA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $.Release.Name }}-scylladb-database-secret - key: pod_password - livenessProbe: - exec: - command: - - sh - - -c - - "nodetool status" - initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 15 - failureThreshold: 3 - readinessProbe: - exec: - command: - - sh - - -c - - "nodetool status" - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 15 - failureThreshold: 3 - volumeMounts: - - name: {{ $.Release.Name }}-scylla-data - mountPath: /var/lib/scylla - volumeClaimTemplates: - - metadata: - name: {{ $.Release.Name }}-scylla-data - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: {{ .Values.diskSize }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ $.Release.Name }}-scylladb + labels: + app: {{ $.Release.Name }}-scylladb +spec: + replicas: 1 + serviceName: {{ $.Release.Name }}-scylladb + selector: + matchLabels: + app: {{ $.Release.Name }}-scylladb + template: + metadata: + labels: + app: {{ $.Release.Name }}-scylladb + spec: + initContainers: + - name: sysctl-tune + image: busybox:1.35.0-uclibc + command: + - "sh" + - "-c" + - "sysctl -w 
fs.aio-max-nr=524288" + securityContext: + privileged: true + containers: + - name: scylladb + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/bin/bash", "-c", "--"] + args: + - | + sed -i "s/#cluster_name: .*/cluster_name: '${CLUSTER_NAME}'/" /etc/scylla/scylla.yaml + sed -i 's/# data_file_directories:/data_file_directories:/' /etc/scylla/scylla.yaml + sed -i 's/# - \/var\/lib\/scylla\/data/ - \/var\/lib\/scylla\/data/' /etc/scylla/scylla.yaml + sed -i 's/# commitlog_directory: \/var\/lib\/scylla\/commitlog/commitlog_directory: \/var\/lib\/scylla\/commitlog/' /etc/scylla/scylla.yaml + + # Modify the seeds in scylla.yaml by replacing "127.0.0.1" with the SCYLLA_SEEDS value + sed -i "s/seeds: \"127.0.0.1\"/seeds: '${SCYLLA_SEEDS}'/" /etc/scylla/scylla.yaml + + # Modify Authenticator and Authorizer + sed -i "s/# authenticator: AllowAllAuthenticator/authenticator: '${SCYLLA_AUTHENTICATOR}'/" /etc/scylla/scylla.yaml + sed -i "s/# authorizer: AllowAllAuthorizer/authorizer: '${SCYLLA_AUTHORIZER}'/" /etc/scylla/scylla.yaml + + # Modify listen_address to the Helm release name + sed -i "s/listen_address: localhost/listen_address: '{{ .Release.Name }}-scylladb-0'/" /etc/scylla/scylla.yaml + + # Modify rpc_address to listen on all interfaces + sed -i "s/rpc_address: localhost/rpc_address: '0.0.0.0'/" /etc/scylla/scylla.yaml + + # Set broadcast_rpc_address to Helm release name for correct node discovery + sed -i "s/# broadcast_rpc_address: 1.2.3.4/broadcast_rpc_address: '{{ .Release.Name }}-scylladb-0'/" /etc/scylla/scylla.yaml + + # Enable Prometheus metrics on port 9180 + sed -i 's/# prometheus_port: 9180/prometheus_port: 9180/' /etc/scylla/scylla.yaml + # Start ScyllaDB in the background + exec /docker-entrypoint.py + ports: + - containerPort: 9042 + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu }} + limits: + memory: {{ .Values.resources.limits.memory }} + cpu: {{ 
.Values.resources.limits.cpu }} + env: + - name: SCYLLA_SEEDS + value: "{{ $.Release.Name }}-scylladb-0.{{ $.Release.Name }}-scylladb.{{ $.Release.Namespace }}.svc.cluster.local" + - name: SCYLLA_AUTHENTICATOR + value: "PasswordAuthenticator" + - name: SCYLLA_AUTHORIZER + value: "CassandraAuthorizer" + - name: CLUSTER_NAME + value: "Cluster" + - name: SCYLLA_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-scylladb-database-secret + key: pod_password + livenessProbe: + exec: + command: + - sh + - -c + - "nodetool status" + initialDelaySeconds: 120 + periodSeconds: 20 + timeoutSeconds: 15 + failureThreshold: 3 + readinessProbe: + exec: + command: + - sh + - -c + - "nodetool status" + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 15 + failureThreshold: 3 + volumeMounts: + - name: {{ $.Release.Name }}-scylla-data + mountPath: /var/lib/scylla + volumeClaimTemplates: + - metadata: + name: {{ $.Release.Name }}-scylla-data + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: {{ .Values.diskSize }} storageClassName: standard \ No newline at end of file diff --git a/charts/scylladb/templates/user-job.yaml b/charts/scylladb/templates/user-job.yaml index 5fd9f46a..5717e241 100644 --- a/charts/scylladb/templates/user-job.yaml +++ b/charts/scylladb/templates/user-job.yaml 
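Review bot: The `sysctl-tune` init container in `statefulset.yaml` runs with `securityContext.privileged: true` to write `fs.aio-max-nr`, which gives it full host privileges and changes a kernel setting for the whole node rather than just this pod; namespaces enforcing the baseline or restricted Pod Security Standard will reject the pod. Consider making the init container opt-in through a chart value and documenting that the sysctl can instead be set on the nodes by the cluster operator. Separately, the `scylladb` container receives `SCYLLA_PASSWORD` from the root secret but the visible startup script never reads it; unless `/docker-entrypoint.py` needs it, dropping that `env` entry keeps the superuser password out of the database container's environment. `CLUSTER_NAME` is also hard-coded to `"Cluster"`, so `config.cluster_name` from `values.yaml` has no effect; `value: {{ .Values.config.cluster_name | quote }}` would wire it up.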
@@ -1,29 +1,29 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ $.Release.Name }}-scylladb-create-superuser
- namespace: {{ $.Release.Namespace }}
-spec:
- template:
- spec:
- containers:
- - name: scylla-superuser-creation
- image: {{ .Values.image }}
- command:
- - "/bin/bash"
- - "-c"
- - |
- until cqlsh -u cassandra -p cassandra {{ $.Release.Name }}-scylladb; do
- echo "Waiting for ScyllaDB to be ready..."
- sleep 5
- done
-
- cqlsh -u cassandra -p cassandra {{ $.Release.Name }}-scylladb -e "CREATE ROLE superuser WITH PASSWORD = '${SCYLLA_PASSWORD}' AND LOGIN = true AND SUPERUSER = true;"
- cqlsh -u superuser -p ${SCYLLA_PASSWORD} {{ $.Release.Name }}-scylladb -e "DROP ROLE cassandra;"
- env:
- - name: SCYLLA_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $.Release.Name }}-scylladb-database-secret
- key: pod_password
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $.Release.Name }}-scylladb-create-superuser
+ namespace: {{ $.Release.Namespace }}
+spec:
+ template:
+ spec:
+ containers:
+ - name: scylla-superuser-creation
+ image: {{ .Values.image }}
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ until cqlsh -u cassandra -p cassandra {{ $.Release.Name }}-scylladb; do
+ echo "Waiting for ScyllaDB to be ready..."
+ sleep 5
+ done
+
+ cqlsh -u cassandra -p cassandra {{ $.Release.Name }}-scylladb -e "CREATE ROLE superuser WITH PASSWORD = '${SCYLLA_PASSWORD}' AND LOGIN = true AND SUPERUSER = true;"
+ cqlsh -u superuser -p ${SCYLLA_PASSWORD} {{ $.Release.Name }}-scylladb -e "DROP ROLE cassandra;"
+ env:
+ - name: SCYLLA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-scylladb-database-secret
+ key: pod_password
 restartPolicy: OnFailure
\ No newline at end of file
diff --git a/charts/scylladb/values.yaml b/charts/scylladb/values.yaml
index 21770449..7fc77f73 100644
--- a/charts/scylladb/values.yaml
+++ b/charts/scylladb/values.yaml
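Review bot: Until the `scylla-superuser-creation` job in `user-job.yaml` finishes, the cluster accepts the well-known `cassandra`/`cassandra` superuser login, and nothing beyond the job's exit code confirms that the final `DROP ROLE cassandra` succeeded. The script has no `set -e` and `CREATE ROLE superuser` has no `IF NOT EXISTS`, so a failed create goes unnoticed until the next command. Suggest starting the script with `set -euo pipefail`, using `CREATE ROLE IF NOT EXISTS superuser ...` so retries under `restartPolicy: OnFailure` are idempotent, and adding a comment that the default account stays active if the job exhausts its retries. The password is also interpolated into the CQL literal as `'${SCYLLA_PASSWORD}'`, so a `'` in it breaks the statement.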
@@ -1,19 +1,19 @@
-image: "scylladb/scylla:latest"
-pullPolicy: IfNotPresent
-
-resources:
- requests:
- memory: "1Gi"
- cpu: "500m"
- limits:
- memory: "2Gi"
- cpu: "1000m"
-
-diskSize: "10Gi"
-
-config:
- cluster_name: "Cluster"
-
-scylladbRootPassword:
-
+image: "scylladb/scylla:latest"
+pullPolicy: IfNotPresent
+
+resources:
+ requests:
+ memory: "1Gi"
+ cpu: "500m"
+ limits:
+ memory: "2Gi"
+ cpu: "1000m"
+
+diskSize: "10Gi"
+
+config:
+ cluster_name: "Cluster"
+
+scylladbRootPassword:
+
 services:
\ No newline at end of file
diff --git a/charts/service/README.md b/charts/service/README.md
index 3f5ea0f0..48c9b07e 100644
--- a/charts/service/README.md
+++ b/charts/service/README.md
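Review bot: `image: "scylladb/scylla:latest"` together with `pullPolicy: IfNotPresent` in `values.yaml` means the deployed version depends on whatever each node last pulled, and the same mutable tag is used by the init pod and the superuser job. Pin a release tag or digest, e.g. `image: "scylladb/scylla:<pinned-version>"`, so upgrades are deliberate and reproducible. `scylladbRootPassword:` and `services:` are bare keys that parse as null; writing `scylladbRootPassword: ""` and `services: []`, with a comment that the password must be supplied at install time, makes the intent explicit.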
@@ -1,314 +1,314 @@ -# Service Helm Chart - -This Helm chart deploys a generic service with configurable components for Kubernetes. It provides a flexible template for deploying applications with features like health checks, resource management, monitoring, and alerting. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - -## Get Helm Repository Info - -```console -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Helm Chart - -```console -helm install [RELEASE_NAME] zopdev/service -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Helm Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Configuration - -### Basic Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `name` | string | Name of the service | `"hello-api"` | -| `replicaCount` | integer | Number of replicas to run | `2` | -| `image` | string | Docker container image with tag | `"zopdev/sample-go-api:latest"` | -| `httpPort` | integer | HTTP Port on which container runs its services | `8000` | -| `metricsPort` | integer | Metrics port for scraping the metrics from container | `2121` | -| `metricsScrapeInterval` | string | Time interval that metrics will be scraped | `"30s"` | - -### Resource Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `minCPU` | string | Minimum CPU resources required | `"100m"` | -| `minMemory` | string | Minimum memory resources required | `"128M"` | -| `maxCPU` | string | Maximum CPU resources allowed | `"500m"` | -| `maxMemory` | string 
| Maximum memory resources allowed | `"512M"` | -| `minReplicas` | integer | Minimum number of replicas | `2` | -| `maxReplicas` | integer | Maximum number of replicas | `4` | -| `minAvailable` | integer | Minimum number of pods that must be available during voluntary disruptions | `1` | - -### Health Checks - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `livenessProbe.enable` | boolean | Whether to enable liveness probe | `false` | -| `livenessProbe.initialDelaySeconds` | integer | Initial delay for liveness probe | `3` | -| `livenessProbe.timeoutSeconds` | integer | Timeout for liveness probe | `3` | -| `livenessProbe.periodSeconds` | integer | Period for liveness probe | `10` | -| `livenessProbe.failureThreshold` | integer | Failure threshold for liveness probe | `3` | -| `readinessProbe.enable` | boolean | Whether to enable readiness probe | `false` | -| `readinessProbe.initialDelaySeconds` | integer | Initial delay for readiness probe | `3` | -| `readinessProbe.timeoutSeconds` | integer | Timeout for readiness probe | `3` | -| `readinessProbe.periodSeconds` | integer | Period for readiness probe | `10` | -| `readinessProbe.failureThreshold` | integer | Failure threshold for readiness probe | `3` | - -### Environment Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `env` | map | Environment variables for the container | `{}` | -| `envList` | list | Environment variables as a list | `[]` | -| `envFrom.configmaps` | list | List of ConfigMaps to mount as environment variables | `[]` | -| `envFrom.secrets` | list | List of Secrets to mount as environment variables | `[]` | - -### Volume Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `volumeMounts.emptyDir` | list | List of emptyDir volumes to mount | `[]` | -| `volumeMounts.configmaps` | list | List of ConfigMaps to mount | `[]` | -| 
`volumeMounts.secrets` | list | List of Secrets to mount | `[]` | -| `volumeMounts.pvc` | list | List of PVCs to mount | `[]` | - -### Alerting Configuration - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `alerts.standard.infra.unavailableReplicasThreshold` | integer | Alert if available replicas is less than desired | `0` | -| `alerts.standard.infra.podRestartThreshold` | integer | Alert if pod restarts exceed threshold | `0` | -| `alerts.standard.infra.hpaNearingMaxPodThreshold` | integer | Alert if replica count exceeds threshold percentage | `80` | -| `alerts.standard.infra.serviceMemoryUtilizationThreshold` | integer | Alert if memory utilization exceeds threshold | `90` | -| `alerts.standard.infra.serviceCpuUtilizationThreshold` | integer | Alert if CPU utilization exceeds threshold | `90` | - -### Custom Alerts - -| Parameter | Type | Description | Default | -|-----------|------|-------------|---------| -| `alerts.custom[].name` | string | Name of the custom alert | `""` | -| `alerts.custom[].description` | string | Description of the alert | `""` | -| `alerts.custom[].alertRule` | string | Metric name exposed by /metric endpoint | `""` | -| `alerts.custom[].sumByLabel` | string | Metric events key | `""` | -| `alerts.custom[].percentile` | number | Percentile for histogram queries | `-1.0` | -| `alerts.custom[].labelValue` | string | Metric event name | `""` | -| `alerts.custom[].queryOperator` | string | Query operator for comparison | `">"` | -| `alerts.custom[].timeWindow` | string | Time window for the alert | `"5m"` | -| `alerts.custom[].threshold` | number | Threshold value for the alert | `0` | - -## Example values.yaml - -```yaml -# Name of the service -name: hello-api - -# Number of replicas to run -replicaCount: 2 - -# Docker container image with tag -image: "zopdev/sample-go-api:latest" - -extraAnnotations: - -Containers: - privileged: false - -imagePullSecrets: -# - gcr-secrets -# - acr-secrets 
-# - ecr-secrets - -# Port on which container runs its services -httpPort: 8000 -metricsPort: 2121 - -ports: # Provide the ports on which container runs its services -# grpc: 9100 - -nginx: - host: - annotations: - tlsHost: - tlsSecretName: - -metricsScrapeInterval: 30s - -envFrom: - secrets: [] #List of secrets - configmaps: [] #List of Configmaps - -# Resource allocations -minCPU: "100m" -minMemory: "128M" -maxCPU: "500m" -maxMemory: "512M" -minReplicas: 2 -maxReplicas: 4 -minAvailable: 1 - -# Whether application is a CLI service -cliService: false - -# Heartbeat URL -heartbeatURL: "" - -readinessProbe: - enable: false -# initialDelaySeconds: 3 -# timeoutSeconds: 3 -# periodSeconds: 10 -# failureThreshold: 3 - -livenessProbe: - enable: false -# initialDelaySeconds: 3 -# timeoutSeconds: 3 -# periodSeconds: 10 -# failureThreshold: 3 - -# All environment variables can be passed as a map -env: -# APP_NAME: hello-api - -# Environment variables as a list (new format) -envList: -# - name: APP_NAME -# value: hello-api -# - name: DB_HOST -# value: localhost - - -appSecrets: false - -command : - -volumeMounts: - emptyDir: - # - name: zopdev-emptydir - configmaps: - # - name: zopdev-configmap - # mountPath: /etc/env - # configName: - # readOnly: true - secrets: - # - name: zopdev-secret - # mountPath: /etc/secret - # readOnly: true - # secretName: - pvc: -# - name: zopdev-volume -# mountPath: /etc/data -# pvcName: zopdev-pvc - -alerts: - standard: - infra: - unavailableReplicasThreshold: 0 # Alert if the available replicas is lesser than number of desired replicas - podRestartThreshold: 0 # Alert if the pod restarts goes beyond threshold over a 5-minute window. 
- podRestartTimeWindow: "5m" # Time window ,default "5m" - hpaNearingMaxPodThreshold: 80 # Alert if replica count crosses the threshold percentage of max pod count - serviceMemoryUtilizationThreshold: 90 # Alert if service memory exceeds threshold - serviceCpuUtilizationThreshold: 90 # Alert if service cpu exceeds threshold - serviceCpuUtilizationTimeWindow: "5m" # Time window for service cpu utilization - healthCheckFailureThreshold: 50 # Alert if application health-check failures goes beyond 50 in a 5-minute window. - healthCheckFailureTimeWindow: "5m" # Time window ,default "5m" - custom: - # - name: "Custom alert if user_created events goes below threshold for 5 min" - # description: "Custom alert if user_created events goes below threshold for 5 min" - # alertRule: "user_post_get_counter" # Metric Name exposed by /metric endpoint - # sumByLabel: "events" # Metric events key; can be empty string - # percentile: -1.0 #Percentile is useful for histogram queries - # labelValue: "user_created" # Metric Event Name; can be empty string - # queryOperator: <= # Query Operator, by default its `>` - # timeWindow: "5m" - # threshold: 1 - # labels: - # severity: critical - - # initContainer can be used to run database migration or other types of initialization operation before deployment - #initContainer: - # image: - # args: ["gofr migrate -method=UP -database=gorm"] - # env: - # cloud: "AWS" - # secrets: - # DB_PASSWORD: zs-test-postgresqldb-db-secret # Secrets will be in the format env_variable: AWS_Secret_Name - -# This section deals with creating custom dashboards for grafana -grafanaDashboard: -# sample format for using json model -# custom_dashboard.json: -# {"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & 
Alerts","target":{"limit":100,"matchAny":false,"tags":[],"type":"dashboard"},"type":"dashboard"}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":27,"links":[],"panels":[],"schemaVersion":30,"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":"now-6h","to":"now"},"timepicker":{},"timezone":"","title":"Custom dashboard","version":1} - -datastores: - mysql: - postgres: - redis: - solr: - surrealdb: - chromadb: - mariadb: - cockroachdb: - cassandra: - redisdistributed: - scylladb: - kafka: - solrcloud: -``` - -## Features - -- Configurable resource limits and requests -- Health monitoring with liveness and readiness probes -- Environment variable management -- Volume mounting support -- Prometheus metrics integration -- Custom alerting rules -- Horizontal Pod Autoscaling -- Pod Disruption Budget -- Service monitoring -- Custom Grafana dashboards support - -## Architecture - -The service deployment includes: -- Application pods with configurable replicas -- Service for network access -- Horizontal Pod Autoscaler -- Pod Disruption Budget -- ServiceMonitor for Prometheus -- ConfigMaps and Secrets management -- Volume management -- Health check endpoints -- Metrics endpoints - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - -## License - -This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. - +# Service Helm Chart + +This Helm chart deploys a generic service with configurable components for Kubernetes. It provides a flexible template for deploying applications with features like health checks, resource management, monitoring, and alerting. 
+ +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +## Get Helm Repository Info + +```console +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Helm Chart + +```console +helm install [RELEASE_NAME] zopdev/service +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Helm Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Configuration + +### Basic Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `name` | string | Name of the service | `"hello-api"` | +| `replicaCount` | integer | Number of replicas to run | `2` | +| `image` | string | Docker container image with tag | `"zopdev/sample-go-api:latest"` | +| `httpPort` | integer | HTTP Port on which container runs its services | `8000` | +| `metricsPort` | integer | Metrics port for scraping the metrics from container | `2121` | +| `metricsScrapeInterval` | string | Time interval that metrics will be scraped | `"30s"` | + +### Resource Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `minCPU` | string | Minimum CPU resources required | `"100m"` | +| `minMemory` | string | Minimum memory resources required | `"128M"` | +| `maxCPU` | string | Maximum CPU resources allowed | `"500m"` | +| `maxMemory` | string | Maximum memory resources allowed | `"512M"` | +| `minReplicas` | integer | Minimum number of replicas | `2` | +| `maxReplicas` | integer | Maximum number of replicas | `4` | +| `minAvailable` | integer | Minimum number of pods that must be available during voluntary 
disruptions | `1` | + +### Health Checks + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `livenessProbe.enable` | boolean | Whether to enable liveness probe | `false` | +| `livenessProbe.initialDelaySeconds` | integer | Initial delay for liveness probe | `3` | +| `livenessProbe.timeoutSeconds` | integer | Timeout for liveness probe | `3` | +| `livenessProbe.periodSeconds` | integer | Period for liveness probe | `10` | +| `livenessProbe.failureThreshold` | integer | Failure threshold for liveness probe | `3` | +| `readinessProbe.enable` | boolean | Whether to enable readiness probe | `false` | +| `readinessProbe.initialDelaySeconds` | integer | Initial delay for readiness probe | `3` | +| `readinessProbe.timeoutSeconds` | integer | Timeout for readiness probe | `3` | +| `readinessProbe.periodSeconds` | integer | Period for readiness probe | `10` | +| `readinessProbe.failureThreshold` | integer | Failure threshold for readiness probe | `3` | + +### Environment Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `env` | map | Environment variables for the container | `{}` | +| `envList` | list | Environment variables as a list | `[]` | +| `envFrom.configmaps` | list | List of ConfigMaps to mount as environment variables | `[]` | +| `envFrom.secrets` | list | List of Secrets to mount as environment variables | `[]` | + +### Volume Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `volumeMounts.emptyDir` | list | List of emptyDir volumes to mount | `[]` | +| `volumeMounts.configmaps` | list | List of ConfigMaps to mount | `[]` | +| `volumeMounts.secrets` | list | List of Secrets to mount | `[]` | +| `volumeMounts.pvc` | list | List of PVCs to mount | `[]` | + +### Alerting Configuration + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| 
`alerts.standard.infra.unavailableReplicasThreshold` | integer | Alert if available replicas is less than desired | `0` | +| `alerts.standard.infra.podRestartThreshold` | integer | Alert if pod restarts exceed threshold | `0` | +| `alerts.standard.infra.hpaNearingMaxPodThreshold` | integer | Alert if replica count exceeds threshold percentage | `80` | +| `alerts.standard.infra.serviceMemoryUtilizationThreshold` | integer | Alert if memory utilization exceeds threshold | `90` | +| `alerts.standard.infra.serviceCpuUtilizationThreshold` | integer | Alert if CPU utilization exceeds threshold | `90` | + +### Custom Alerts + +| Parameter | Type | Description | Default | +|-----------|------|-------------|---------| +| `alerts.custom[].name` | string | Name of the custom alert | `""` | +| `alerts.custom[].description` | string | Description of the alert | `""` | +| `alerts.custom[].alertRule` | string | Metric name exposed by /metric endpoint | `""` | +| `alerts.custom[].sumByLabel` | string | Metric events key | `""` | +| `alerts.custom[].percentile` | number | Percentile for histogram queries | `-1.0` | +| `alerts.custom[].labelValue` | string | Metric event name | `""` | +| `alerts.custom[].queryOperator` | string | Query operator for comparison | `">"` | +| `alerts.custom[].timeWindow` | string | Time window for the alert | `"5m"` | +| `alerts.custom[].threshold` | number | Threshold value for the alert | `0` | + +## Example values.yaml + +```yaml +# Name of the service +name: hello-api + +# Number of replicas to run +replicaCount: 2 + +# Docker container image with tag +image: "zopdev/sample-go-api:latest" + +extraAnnotations: + +Containers: + privileged: false + +imagePullSecrets: +# - gcr-secrets +# - acr-secrets +# - ecr-secrets + +# Port on which container runs its services +httpPort: 8000 +metricsPort: 2121 + +ports: # Provide the ports on which container runs its services +# grpc: 9100 + +nginx: + host: + annotations: + tlsHost: + tlsSecretName: + 
+metricsScrapeInterval: 30s + +envFrom: + secrets: [] #List of secrets + configmaps: [] #List of Configmaps + +# Resource allocations +minCPU: "100m" +minMemory: "128M" +maxCPU: "500m" +maxMemory: "512M" +minReplicas: 2 +maxReplicas: 4 +minAvailable: 1 + +# Whether application is a CLI service +cliService: false + +# Heartbeat URL +heartbeatURL: "" + +readinessProbe: + enable: false +# initialDelaySeconds: 3 +# timeoutSeconds: 3 +# periodSeconds: 10 +# failureThreshold: 3 + +livenessProbe: + enable: false +# initialDelaySeconds: 3 +# timeoutSeconds: 3 +# periodSeconds: 10 +# failureThreshold: 3 + +# All environment variables can be passed as a map +env: +# APP_NAME: hello-api + +# Environment variables as a list (new format) +envList: +# - name: APP_NAME +# value: hello-api +# - name: DB_HOST +# value: localhost + + +appSecrets: false + +command : + +volumeMounts: + emptyDir: + # - name: zopdev-emptydir + configmaps: + # - name: zopdev-configmap + # mountPath: /etc/env + # configName: + # readOnly: true + secrets: + # - name: zopdev-secret + # mountPath: /etc/secret + # readOnly: true + # secretName: + pvc: +# - name: zopdev-volume +# mountPath: /etc/data +# pvcName: zopdev-pvc + +alerts: + standard: + infra: + unavailableReplicasThreshold: 0 # Alert if the available replicas is lesser than number of desired replicas + podRestartThreshold: 0 # Alert if the pod restarts goes beyond threshold over a 5-minute window. + podRestartTimeWindow: "5m" # Time window ,default "5m" + hpaNearingMaxPodThreshold: 80 # Alert if replica count crosses the threshold percentage of max pod count + serviceMemoryUtilizationThreshold: 90 # Alert if service memory exceeds threshold + serviceCpuUtilizationThreshold: 90 # Alert if service cpu exceeds threshold + serviceCpuUtilizationTimeWindow: "5m" # Time window for service cpu utilization + healthCheckFailureThreshold: 50 # Alert if application health-check failures goes beyond 50 in a 5-minute window. 
+ healthCheckFailureTimeWindow: "5m" # Time window ,default "5m" + custom: + # - name: "Custom alert if user_created events goes below threshold for 5 min" + # description: "Custom alert if user_created events goes below threshold for 5 min" + # alertRule: "user_post_get_counter" # Metric Name exposed by /metric endpoint + # sumByLabel: "events" # Metric events key; can be empty string + # percentile: -1.0 #Percentile is useful for histogram queries + # labelValue: "user_created" # Metric Event Name; can be empty string + # queryOperator: <= # Query Operator, by default its `>` + # timeWindow: "5m" + # threshold: 1 + # labels: + # severity: critical + + # initContainer can be used to run database migration or other types of initialization operation before deployment + #initContainer: + # image: + # args: ["gofr migrate -method=UP -database=gorm"] + # env: + # cloud: "AWS" + # secrets: + # DB_PASSWORD: zs-test-postgresqldb-db-secret # Secrets will be in the format env_variable: AWS_Secret_Name + +# This section deals with creating custom dashboards for grafana +grafanaDashboard: +# sample format for using json model +# custom_dashboard.json: +# {"annotations":{"list":[{"builtIn":1,"datasource":"-- Grafana --","enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","target":{"limit":100,"matchAny":false,"tags":[],"type":"dashboard"},"type":"dashboard"}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":27,"links":[],"panels":[],"schemaVersion":30,"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":"now-6h","to":"now"},"timepicker":{},"timezone":"","title":"Custom dashboard","version":1} + +datastores: + mysql: + postgres: + redis: + solr: + surrealdb: + chromadb: + mariadb: + cockroachdb: + cassandra: + redisdistributed: + scylladb: + kafka: + solrcloud: +``` + +## Features + +- Configurable resource limits and requests +- Health monitoring with liveness and readiness probes +- Environment variable management +- 
Volume mounting support +- Prometheus metrics integration +- Custom alerting rules +- Horizontal Pod Autoscaling +- Pod Disruption Budget +- Service monitoring +- Custom Grafana dashboards support + +## Architecture + +The service deployment includes: +- Application pods with configurable replicas +- Service for network access +- Horizontal Pod Autoscaler +- Pod Disruption Budget +- ServiceMonitor for Prometheus +- ConfigMaps and Secrets management +- Volume management +- Health check endpoints +- Metrics endpoints + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. + diff --git a/charts/service/templates/alerts.yaml b/charts/service/templates/alerts.yaml index 33fa8720..ae1ce5fc 100644 --- a/charts/service/templates/alerts.yaml +++ b/charts/service/templates/alerts.yaml 
@@ -1,123 +1,123 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- generation: 1
- labels:
- app: kube-prometheus-stack
- heritage: Helm
- release: prometheus
- name: {{ .Values.name }}
-spec:
- groups:
- - name: {{ .Release.Namespace }}.{{ .Values.name }}.rules
- rules:
- # Alert if the number of pods goes down minimum over a period of time.
- - alert: {{ snakecase .Values.name }}_pod_below_minimum_replicas
- annotations:
- description: "Replicas of {{ .Values.name }} are falling short than the minimum required count in {{ .Release.Namespace }} namespace for longer than 3 minutes."
- expr: sum(kube_horizontalpodautoscaler_spec_min_replicas{namespace="{{ .Release.Namespace }}", horizontalpodautoscaler="{{ .Values.name }}"}) - sum(kube_deployment_status_replicas_available{namespace="{{ .Release.Namespace }}", deployment="{{ .Values.name }}"}) > 0
- for: 3m
- labels:
- severity: critical
- servicealert: "true"
- service: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- # Alert if the pod restarts.
- {{- if ne (int .Values.alerts.standard.infra.podRestartThreshold) -1 }}
- - alert: {{ snakecase .Values.name }}_pod_restarts
- annotations:
- description: "One or more replicas of {{ .Values.name }} have restarted repeatedly in the {{ .Release.Namespace }} namespace within the observed time window."
- expr: sum(increase(kube_pod_container_status_restarts_total{namespace="{{ .Release.Namespace }}",pod=~"{{ .Values.name }}-.*" }[{{ .Values.alerts.standard.infra.podRestartTimeWindow }}])) > {{ .Values.alerts.standard.infra.podRestartThreshold }}
- labels:
- severity: critical
- servicealert: "true"
- service: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- {{- end}}
- # Alert if replicas of service are in unavailable state.
- {{- if ne (int .Values.alerts.standard.infra.unavailableReplicasThreshold) -1 }}
- - alert: {{ snakecase .Values.name }}_unavailable_replicas
- annotations:
- description: "One or more replicas of {{ .Values.name }} are currently unavailable in the {{ .Release.Namespace }} namespace."
- expr: sum(kube_deployment_status_replicas_unavailable{deployment="{{ .Values.name }}",namespace="{{ .Release.Namespace }}"}) > {{ .Values.alerts.standard.infra.unavailableReplicasThreshold }}
- labels:
- severity: critical
- servicealert: "true"
- service: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- {{- end}}
- # Alert if the deployment has zero replicas.
- - alert: {{ snakecase .Values.name }}_deployment_has_zero_replicas
- annotations:
- description: "{{ .Values.name }} deployment has zero replicas in {{ .Release.Namespace }} namespace."
- expr: sum(kube_deployment_status_replicas{namespace="{{ .Release.Namespace }}", deployment="{{ .Values.name }}"}) == 0
- labels:
- severity: critical
- servicealert: "true"
- service: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- # Alert if replica count crosses the threshold percentage of max pod count.
- {{- if ne (int .Values.maxReplicas) 1 }}
- - alert: {{ snakecase .Values.name }}_hpa_nearing_max_pod_count
- annotations:
- description: "HPA of {{ .Values.name }} has been running at {{ .Values.alerts.standard.infra.hpaNearingMaxPodThreshold }} percent of max replicas."
- expr: (sum(kube_horizontalpodautoscaler_status_current_replicas{namespace="{{ .Release.Namespace }}", horizontalpodautoscaler="{{ .Values.name }}"}) / sum(kube_horizontalpodautoscaler_spec_max_replicas{namespace="{{ .Release.Namespace }}", horizontalpodautoscaler="{{ .Values.name }}"})) * 100 >= {{ .Values.alerts.standard.infra.hpaNearingMaxPodThreshold }}
- labels:
- severity: warning
- servicealert: "true"
- service: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- {{- end}}
- # Alert if memory utilization is beyond threshold for service in any pod
- {{- if ne (int .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold) -1 }}
- - alert: {{ snakecase .Values.name }}_service_memory_utilization_above_{{ .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold}}
- annotations:
- description: "Memory Utilisation of {{ .Values.name }} exceeded {{ .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold}} percent of the resource limits"
- expr: sum(container_memory_working_set_bytes{pod=~"{{ .Values.name }}-.*", container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"}) / sum(container_spec_memory_limit_bytes{pod=~"{{ .Values.name }}-.*",container="{{ .Values.name }}",namespace="{{ .Release.Namespace }}"}) *100 > {{ .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold }}
- labels:
- severity: warning
- servicealert: "true"
- service: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- {{- end}}
- # Alert if CPU utilization is beyond threshold for service in any pod
- {{- if ne (int .Values.alerts.standard.infra.serviceCpuUtilizationThreshold) -1 }}
- - alert: {{ snakecase .Values.name }}_service_cpu_utilization_above_{{ .Values.alerts.standard.infra.serviceCpuUtilizationThreshold }}
- annotations:
- description: "CPU Utilisation of {{ .Values.name }} exceeded {{ .Values.alerts.standard.infra.serviceCpuUtilizationThreshold }} percent of the resource limits"
- expr: ((sum(irate(container_cpu_usage_seconds_total{container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"}[{{ .Values.alerts.standard.infra.serviceCpuUtilizationTimeWindow }}])) / sum(container_spec_cpu_quota{container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"} / container_spec_cpu_period{container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"}) ) * 100) > {{ .Values.alerts.standard.infra.serviceCpuUtilizationThreshold }}
- labels:
- severity: warning
- servicealert: "true"
- service: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- {{- end}}
-
- # Custom Alerts dependent on services
- {{- range $v := .Values.alerts.custom }}
- - alert: {{ snakecase $v.name }}
- annotations:
- description: {{ $v.description | quote }}
- {{- if ne (default 0.0 $v.percentile) 0.0 }}
- expr: (histogram_quantile({{ $v.percentile }}, sum(rate({{ $v.alertRule }}{service="{{ $.Values.name }}"}[{{ $v.timeWindow }}])) by ({{ $v.sumByLabel }}))){{ $v.queryOperator | default (printf ">") }} {{ $v.threshold }}
- {{- else }}
- {{- if ne $v.sumByLabel "" }}
- {{- if ne $v.labelValue "" }}
- expr: sum by ({{ $v.sumByLabel }}) (increase({{ $v.alertRule }}{service="{{ $.Values.name }}", namespace="{{ $.Release.Namespace }}"{{printf ", %s=\"%s\"" $v.sumByLabel $v.labelValue }}{{ printf "}["}}{{ printf $v.timeWindow}}{{ printf "]))"}}{{ $v.queryOperator | default (printf " > ") }}{{ $v.threshold}}
- {{- else}}
- expr: sum by ({{ $v.sumByLabel }}) (increase({{ $v.alertRule }}{service="{{ $.Values.name }}", namespace="{{ $.Release.Namespace }}"{{ printf "}["}}{{ printf $v.timeWindow}}{{ printf "]))"}}{{ $v.queryOperator | default (printf ">") }}{{ $v.threshold}}
- {{- end }}
- {{- end }}
- {{- if eq $v.sumByLabel "" }}
- expr: sum(increase({{ $v.alertRule }}{service="{{ $.Values.name }}", namespace="{{ $.Release.Namespace }}"{{ printf "}["}}{{ printf $v.timeWindow}}{{ printf "]))"}}{{ $v.queryOperator | default (printf ">") }}{{ $v.threshold}}
- {{- end }}
- {{- end }}
- labels:
- servicealert: "true"
- namespace: {{ $.Release.Namespace }}
- service: {{ $.Values.name }}
- {{- range $key,$value := $v.labels }}
- {{ $key }}: {{ $value }}
- {{- end }}
- {{- end }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ generation: 1
+ labels:
+ app: kube-prometheus-stack
+ heritage: Helm
+ release: prometheus
+ name: {{ .Values.name }}
+spec:
+ groups:
+ - name: {{ .Release.Namespace }}.{{ .Values.name }}.rules
+ rules:
+ # Alert if the number of pods goes down minimum over a period of time.
+ - alert: {{ snakecase .Values.name }}_pod_below_minimum_replicas
+ annotations:
+ description: "Replicas of {{ .Values.name }} are falling short than the minimum required count in {{ .Release.Namespace }} namespace for longer than 3 minutes."
+ expr: sum(kube_horizontalpodautoscaler_spec_min_replicas{namespace="{{ .Release.Namespace }}", horizontalpodautoscaler="{{ .Values.name }}"}) - sum(kube_deployment_status_replicas_available{namespace="{{ .Release.Namespace }}", deployment="{{ .Values.name }}"}) > 0
+ for: 3m
+ labels:
+ severity: critical
+ servicealert: "true"
+ service: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ # Alert if the pod restarts.
+ {{- if ne (int .Values.alerts.standard.infra.podRestartThreshold) -1 }}
+ - alert: {{ snakecase .Values.name }}_pod_restarts
+ annotations:
+ description: "One or more replicas of {{ .Values.name }} have restarted repeatedly in the {{ .Release.Namespace }} namespace within the observed time window."
+ expr: sum(increase(kube_pod_container_status_restarts_total{namespace="{{ .Release.Namespace }}",pod=~"{{ .Values.name }}-.*" }[{{ .Values.alerts.standard.infra.podRestartTimeWindow }}])) > {{ .Values.alerts.standard.infra.podRestartThreshold }}
+ labels:
+ severity: critical
+ servicealert: "true"
+ service: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ {{- end}}
+ # Alert if replicas of service are in unavailable state.
+ {{- if ne (int .Values.alerts.standard.infra.unavailableReplicasThreshold) -1 }}
+ - alert: {{ snakecase .Values.name }}_unavailable_replicas
+ annotations:
+ description: "One or more replicas of {{ .Values.name }} are currently unavailable in the {{ .Release.Namespace }} namespace."
+ expr: sum(kube_deployment_status_replicas_unavailable{deployment="{{ .Values.name }}",namespace="{{ .Release.Namespace }}"}) > {{ .Values.alerts.standard.infra.unavailableReplicasThreshold }}
+ labels:
+ severity: critical
+ servicealert: "true"
+ service: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ {{- end}}
+ # Alert if the deployment has zero replicas.
+ - alert: {{ snakecase .Values.name }}_deployment_has_zero_replicas
+ annotations:
+ description: "{{ .Values.name }} deployment has zero replicas in {{ .Release.Namespace }} namespace."
+ expr: sum(kube_deployment_status_replicas{namespace="{{ .Release.Namespace }}", deployment="{{ .Values.name }}"}) == 0
+ labels:
+ severity: critical
+ servicealert: "true"
+ service: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ # Alert if replica count crosses the threshold percentage of max pod count.
+ {{- if ne (int .Values.maxReplicas) 1 }}
+ - alert: {{ snakecase .Values.name }}_hpa_nearing_max_pod_count
+ annotations:
+ description: "HPA of {{ .Values.name }} has been running at {{ .Values.alerts.standard.infra.hpaNearingMaxPodThreshold }} percent of max replicas."
+ expr: (sum(kube_horizontalpodautoscaler_status_current_replicas{namespace="{{ .Release.Namespace }}", horizontalpodautoscaler="{{ .Values.name }}"}) / sum(kube_horizontalpodautoscaler_spec_max_replicas{namespace="{{ .Release.Namespace }}", horizontalpodautoscaler="{{ .Values.name }}"})) * 100 >= {{ .Values.alerts.standard.infra.hpaNearingMaxPodThreshold }}
+ labels:
+ severity: warning
+ servicealert: "true"
+ service: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ {{- end}}
+ # Alert if memory utilization is beyond threshold for service in any pod
+ {{- if ne (int .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold) -1 }}
+ - alert: {{ snakecase .Values.name }}_service_memory_utilization_above_{{ .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold}}
+ annotations:
+ description: "Memory Utilisation of {{ .Values.name }} exceeded {{ .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold}} percent of the resource limits"
+ expr: sum(container_memory_working_set_bytes{pod=~"{{ .Values.name }}-.*", container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"}) / sum(container_spec_memory_limit_bytes{pod=~"{{ .Values.name }}-.*",container="{{ .Values.name }}",namespace="{{ .Release.Namespace }}"}) *100 > {{ .Values.alerts.standard.infra.serviceMemoryUtilizationThreshold }}
+ labels:
+ severity: warning
+ servicealert: "true"
+ service: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ {{- end}}
+ # Alert if CPU utilization is beyond threshold for service in any pod
+ {{- if ne (int .Values.alerts.standard.infra.serviceCpuUtilizationThreshold) -1 }}
+ - alert: {{ snakecase .Values.name }}_service_cpu_utilization_above_{{ .Values.alerts.standard.infra.serviceCpuUtilizationThreshold }}
+ annotations:
+ description: "CPU Utilisation of {{ .Values.name }} exceeded {{ .Values.alerts.standard.infra.serviceCpuUtilizationThreshold }} percent of the resource limits"
+ expr: ((sum(irate(container_cpu_usage_seconds_total{container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"}[{{ .Values.alerts.standard.infra.serviceCpuUtilizationTimeWindow }}])) / sum(container_spec_cpu_quota{container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"} / container_spec_cpu_period{container="{{ .Values.name }}", namespace="{{ .Release.Namespace }}"}) ) * 100) > {{ .Values.alerts.standard.infra.serviceCpuUtilizationThreshold }}
+ labels:
+ severity: warning
+ servicealert: "true"
+ service: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ {{- end}}
+
+ # Custom Alerts dependent on services
+ {{- range $v := .Values.alerts.custom }}
+ - alert: {{ snakecase $v.name }}
+ annotations:
+ description: {{ $v.description | quote }}
+ {{- if ne (default 0.0 $v.percentile) 0.0 }}
+ expr: (histogram_quantile({{ $v.percentile }}, sum(rate({{ $v.alertRule }}{service="{{ $.Values.name }}"}[{{ $v.timeWindow }}])) by ({{ $v.sumByLabel }}))){{ $v.queryOperator | default (printf ">") }} {{ $v.threshold }}
+ {{- else }}
+ {{- if ne $v.sumByLabel "" }}
+ {{- if ne $v.labelValue "" }}
+ expr: sum by ({{ $v.sumByLabel }}) (increase({{ $v.alertRule }}{service="{{ $.Values.name }}", namespace="{{ $.Release.Namespace }}"{{printf ", %s=\"%s\"" $v.sumByLabel $v.labelValue }}{{ printf "}["}}{{ printf $v.timeWindow}}{{ printf "]))"}}{{ $v.queryOperator | default (printf " > ") }}{{ $v.threshold}}
+ {{- else}}
+ expr: sum by ({{ $v.sumByLabel }}) (increase({{ $v.alertRule }}{service="{{ $.Values.name }}", namespace="{{ $.Release.Namespace }}"{{ printf "}["}}{{ printf $v.timeWindow}}{{ printf "]))"}}{{ $v.queryOperator | default (printf ">") }}{{ $v.threshold}}
+ {{- end }}
+ {{- end }}
+ {{- if eq $v.sumByLabel "" }}
+ expr: sum(increase({{ $v.alertRule }}{service="{{ $.Values.name }}", namespace="{{ $.Release.Namespace }}"{{ printf "}["}}{{ printf $v.timeWindow}}{{ printf "]))"}}{{ $v.queryOperator | default (printf ">") }}{{ $v.threshold}}
+ {{- end }}
+ {{- end }}
+ labels:
+ servicealert: "true"
+ namespace: {{ $.Release.Namespace }}
+ service: {{ $.Values.name }}
+ {{- range $key,$value := $v.labels }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
 ---
\ No newline at end of file
diff --git a/charts/service/templates/env-configmap.yaml b/charts/service/templates/env-configmap.yaml
index 42b96d4c..be6a7c24 100644
--- a/charts/service/templates/env-configmap.yaml
+++ b/charts/service/templates/env-configmap.yaml
@@ -1,15 +1,15 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.name }}-env-configmap
- labels:
- app: {{ .Values.name }}
-data:
- {{- range $k, $v := .Values.env }}
- {{ $k }}: {{ $v | quote }}
- {{- end }}
- {{- if .Values.envList }}
- {{- range .Values.envList }}
- {{ .name }}: {{ .value | quote }}
- {{- end }}
- {{- end }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.name }}-env-configmap
+ labels:
+ app: {{ .Values.name }}
+data:
+ {{- range $k, $v := .Values.env }}
+ {{ $k }}: {{ $v | quote }}
+ {{- end }}
+ {{- if .Values.envList }}
+ {{- range .Values.envList }}
+ {{ .name }}: {{ .value | quote }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/service/templates/grafana-dashboard-configmap.yaml b/charts/service/templates/grafana-dashboard-configmap.yaml
index bcdeb9ab..38e01b4e 100644
--- a/charts/service/templates/grafana-dashboard-configmap.yaml
+++ b/charts/service/templates/grafana-dashboard-configmap.yaml
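Review bot: In the custom-alerts `range` at the end of the rule list, `{{ $key }}: {{ $value }}` emits label values unquoted, so a value such as `true` or `2` renders as a YAML boolean or number; PrometheusRule labels are strings, so the object should then fail validation and none of the rules in it get installed. I would write `{{ $key }}: {{ $value | quote }}`, matching the `description` line a few lines above it. The same loop calls `{{ printf $v.timeWindow }}`, which uses the value as a format string, so plain `{{ $v.timeWindow }}` (as the histogram branch already does) is safer. `alertRule`, `sumByLabel`, `labelValue` and `queryOperator` are also spliced into the PromQL text without escaping, which deserves a `fail`-based format check if values files can come from anyone other than the chart operator.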
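Review bot: Every entry of `env` and `envList` is written into the `data:` of a ConfigMap, which is kept in plain text and is readable by anyone allowed to read ConfigMaps in the namespace, and nothing in the template says so. I would add a comment above the first `range`, `# Plain-text ConfigMap: keep credentials out of env/envList and use envFrom.secrets`, and put the same warning beside `env:` in the README example. A name present in both `env` and `envList` is also emitted twice under `data:`; whether that is rejected or the last one silently wins depends on the YAML parser, so a duplicate check would be worth adding.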
@@ -1,14 +1,14 @@
-{{- if .Values.grafanaDashboard }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.name }}
- namespace: monitoring
- labels:
- grafanaDashboard: "true"
-data:
- {{- range $k,$v := .Values.grafanaDashboard }}
- {{ $k }}: {{ $v | toJson | quote }}
- {{- end }}
-
+{{- if .Values.grafanaDashboard }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.name }}
+ namespace: monitoring
+ labels:
+ grafanaDashboard: "true"
+data:
+ {{- range $k,$v := .Values.grafanaDashboard }}
+ {{ $k }}: {{ $v | toJson | quote }}
+ {{- end }}
+
 {{- end }}
\ No newline at end of file
diff --git a/charts/service/templates/hpa.yaml b/charts/service/templates/hpa.yaml
index ca62aa14..53bea5f9 100644
--- a/charts/service/templates/hpa.yaml
+++ b/charts/service/templates/hpa.yaml
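Review bot: `namespace: monitoring` is fixed while the object name is just `{{ .Values.name }}`, so every release, whatever namespace it is installed into, writes a ConfigMap into `monitoring`, and two releases with the same `name` in different namespaces would conflict over the same object. It also means the identity running `helm install` needs write access to `monitoring`, which is broader than a per-namespace deployer normally gets. I would namespace-qualify the name and make the target configurable, e.g. `name: {{ .Release.Namespace }}-{{ .Values.name }}` with `namespace: {{ .Values.grafanaDashboardNamespace | default "monitoring" }}`, where `grafanaDashboardNamespace` is a new value this suggestion would introduce.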
@@ -1,44 +1,44 @@
-{{- if (.Values.hpa_enable) -}}
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ .Values.name }}
-spec:
- maxReplicas: {{ .Values.maxReplicas | default 4}}
- minReplicas: {{ .Values.minReplicas | default 2}}
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ .Values.name }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- {{ if ne .Values.hpaCPU "" }}
- {{ if ne .Values.hpaCPU nil }}
- averageUtilization: {{ .Values.hpaCPU }}
- {{ else if ne .Values.maxCPU "" }}
- averageUtilization: {{ div (mul (int (trimSuffix "m" .Values.maxCPU)) 80) (int (trimSuffix "m" .Values.minCPU)) }}
- {{ else }}
- averageUtilization: 80
- {{ end }}
- {{ end }}
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- {{if ne .Values.hpaMemory ""}}
- {{ if ne .Values.hpaMemory nil }}
- averageUtilization: {{ .Values.hpaMemory }}
- {{ else if ne .Values.maxMemory "" }}
- averageUtilization: {{ div (mul (int (trimSuffix "M" .Values.maxMemory)) 80) (int (trimSuffix "M" .Values.minMemory)) }}
- {{ else }}
- averageUtilization: 80
- {{ end }}
- {{ end }}
----
+{{- if (.Values.hpa_enable) -}}
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ .Values.name }}
+spec:
+ maxReplicas: {{ .Values.maxReplicas | default 4}}
+ minReplicas: {{ .Values.minReplicas | default 2}}
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ .Values.name }}
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ {{ if ne .Values.hpaCPU "" }}
+ {{ if ne .Values.hpaCPU nil }}
+ averageUtilization: {{ .Values.hpaCPU }}
+ {{ else if ne .Values.maxCPU "" }}
+ averageUtilization: {{ div (mul (int (trimSuffix "m" .Values.maxCPU)) 80) (int (trimSuffix "m" .Values.minCPU)) }}
+ {{ else }}
+ averageUtilization: 80
+ {{ end }}
+ {{ end }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ {{if ne .Values.hpaMemory ""}}
+ {{ if ne .Values.hpaMemory nil }}
+ averageUtilization: {{ .Values.hpaMemory }}
+ {{ else if ne .Values.maxMemory "" }}
+ averageUtilization: {{ div (mul (int (trimSuffix "M" .Values.maxMemory)) 80) (int (trimSuffix "M" .Values.minMemory)) }}
+ {{ else }}
+ averageUtilization: 80
+ {{ end }}
+ {{ end }}
+---
 {{- end -}}
\ No newline at end of file
diff --git a/charts/service/templates/ingress.yaml b/charts/service/templates/ingress.yaml
index d17c0d61..9c66c135 100644
--- a/charts/service/templates/ingress.yaml
+++ b/charts/service/templates/ingress.yaml
@@ -1,39 +1,39 @@
-{{- if and .Values.nginx .Values.nginx.host }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ .Values.name }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Values.name }}
- annotations:
- {{- range $key, $value := .Values.nginx.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-
-spec:
- rules:
- - host: {{ .Values.nginx.host }}
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: {{ .Values.name }}
- port:
- number: 80
- {{- if .Values.metricsPort }}
- - path: /metrics
- pathType: ImplementationSpecific
- backend:
- service:
- name: {{ .Values.name }}
- port:
- number: 2121
- {{- end }}
- tls:
- - hosts:
- - '{{ .Values.nginx.tlsHost | default .Values.nginx.host }}'
- secretName: {{ .Values.nginx.tlsSecretName | default "tls-secret-replica" }}
+{{- if and .Values.nginx .Values.nginx.host }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Values.name }}
+ annotations:
+ {{- range $key, $value := .Values.nginx.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+
+spec:
+ rules:
+ - host: {{ .Values.nginx.host }}
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ .Values.name }}
+ port:
+ number: 80
+ {{- if .Values.metricsPort }}
+ - path: /metrics
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ .Values.name }}
+ port:
+ number: 2121
+ {{- end }}
+ tls:
+ - hosts:
+ - '{{ .Values.nginx.tlsHost | default .Values.nginx.host }}'
+ secretName: {{ .Values.nginx.tlsSecretName | default "tls-secret-replica" }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/service/templates/pod-disruption-budget.yaml b/charts/service/templates/pod-disruption-budget.yaml
index e9eab395..952baea6 100644
--- a/charts/service/templates/pod-disruption-budget.yaml
+++ b/charts/service/templates/pod-disruption-budget.yaml
@@ -1,11 +1,11 @@
-{{- if gt (int .Values.minReplicas) 1 }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Values.name }}
-spec:
- minAvailable: {{ .Values.minAvailable }}
- selector:
- matchLabels:
- app: {{ .Values.name }}
+{{- if gt (int .Values.minReplicas) 1 }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ .Values.name }}
+spec:
+ minAvailable: {{ .Values.minAvailable }}
+ selector:
+ matchLabels:
+ app: {{ .Values.name }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/service/templates/pvc.yaml b/charts/service/templates/pvc.yaml
index 87f21ec2..cb3011b9 100644
--- a/charts/service/templates/pvc.yaml
+++ b/charts/service/templates/pvc.yaml
@@ -1,18 +1,18 @@
-{{- if and .Values.volumeMounts .Values.volumeMounts.pvc }}
-{{- range $index, $service := .Values.volumeMounts.pvc }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ $service.name }}
- labels:
- app.kubernetes.io/instance: {{ $.Release.Name }}
- app.kubernetes.io/name: {{ $.Chart.Name }}
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .storage | default "5Gi" }}
----
-{{- end }}
+{{- if and .Values.volumeMounts .Values.volumeMounts.pvc }}
+{{- range $index, $service := .Values.volumeMounts.pvc }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $service.name }}
+ labels:
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/name: {{ $.Chart.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .storage | default "5Gi" }}
+---
+{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/service/templates/service.yaml b/charts/service/templates/service.yaml
index 5fbfe898..feb0c777 100644
--- a/charts/service/templates/service.yaml
+++ b/charts/service/templates/service.yaml
@@ -1,31 +1,31 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.name }}
- labels:
- app: {{ .Values.name }}
-spec:
- ports:
- - name: http-port
- port: 80
- targetPort: {{ .Values.httpPort}}
- {{- if and .Values.metricsPort (ne (int .Values.metricsPort) 0) }}
- - name: metrics-port
- port: 2121
- targetPort: {{ .Values.metricsPort}}
- {{- end }}
- {{- range $k, $v := .Values.ports}}
- - name: {{ $k}}
- port: {{ $v }}
- targetPort: {{ $v }}
- {{- end }}
- {{- if .Values.injectIstio }}
- - name: http-envoy-prom
- protocol: TCP
- port: 15090
- targetPort: 15090
- {{- end }}
- selector:
- app: {{ .Values.name }}
- type: NodePort
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.name }}
+ labels:
+ app: {{ .Values.name }}
+spec:
+ ports:
+ - name: http-port
+ port: 80
+ targetPort: {{ .Values.httpPort}}
+ {{- if and .Values.metricsPort (ne (int .Values.metricsPort) 0) }}
+ - name: metrics-port
+ port: 2121
+ targetPort: {{ .Values.metricsPort}}
+ {{- end }}
+ {{- range $k, $v := .Values.ports}}
+ - name: {{ $k}}
+ port: {{ $v }}
+ targetPort: {{ $v }}
+ {{- end }}
+ {{- if .Values.injectIstio }}
+ - name: http-envoy-prom
+ protocol: TCP
+ port: 15090
+ targetPort: 15090
+ {{- end }}
+ selector:
+ app: {{ .Values.name }}
+ type: NodePort
 ---
\ No newline at end of file
diff --git a/charts/service/templates/serviceMonitor.yaml b/charts/service/templates/serviceMonitor.yaml
index b0cd926d..da58ee27 100644
--- a/charts/service/templates/serviceMonitor.yaml
+++ b/charts/service/templates/serviceMonitor.yaml
@@ -1,23 +1,23 @@
-{{- if .Values.metricsPort }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{.Values.name}}
- labels:
- app: {{.Values.name}}
- release: prometheus
-spec:
- selector:
- matchLabels:
- app: {{.Values.name}}
- endpoints:
- - port: metrics-port
- interval: {{.Values.metricsScrapeInterval }}
- path: /metrics
- {{- if .Values.injectIstio }}
- - interval: 15s
- path: /stats/prometheus
- port: http-envoy-prom
- {{- end }}
-{{- end }}
+{{- if .Values.metricsPort }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{.Values.name}}
+ labels:
+ app: {{.Values.name}}
+ release: prometheus
+spec:
+ selector:
+ matchLabels:
+ app: {{.Values.name}}
+ endpoints:
+ - port: metrics-port
+ interval: {{.Values.metricsScrapeInterval }}
+ path: /metrics
+ {{- if .Values.injectIstio }}
+ - interval: 15s
+ path: /stats/prometheus
+ port: http-envoy-prom
+ {{- end }}
+{{- end }}
 ---
\ No newline at end of file
diff --git a/charts/solr-operator/Chart.lock b/charts/solr-operator/Chart.lock
index 56e11f31..fb0b99e4 100644
--- a/charts/solr-operator/Chart.lock
+++ b/charts/solr-operator/Chart.lock
@@ -1,6 +1,6 @@ -dependencies: -- name: zookeeper-operator - repository: https://helm.zop.dev - version: v0.0.1 -digest: sha256:f179767db85e46a206747d922d65c33e33d5a246a8997ef9dc246837eac61477 -generated: "2025-04-08T12:12:53.582849+05:30" +dependencies: +- name: zookeeper-operator + repository: https://helm.zop.dev + version: v0.0.1 +digest: sha256:f179767db85e46a206747d922d65c33e33d5a246a8997ef9dc246837eac61477 +generated: "2025-04-08T12:12:53.582849+05:30"
diff --git a/charts/solr-operator/Chart.yaml b/charts/solr-operator/Chart.yaml
index b19f9b23..0af7b112 100644
--- a/charts/solr-operator/Chart.yaml
+++ b/charts/solr-operator/Chart.yaml
@@ -1,14 +1,14 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Deploying Solr Operator on Kubernetes
-name: solr-operator
-version: 0.0.1
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png"
-dependencies:
- - name: 'zookeeper-operator'
- version: 0.0.1
- repository: https://helm.zop.dev
- condition: zookeeper-operator.install
-maintainers:
- - name: ZopDev
+apiVersion: v2
+appVersion: "1.0"
+description: A Helm chart for Deploying Solr Operator on Kubernetes
+name: solr-operator
+version: 0.0.1
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png"
+dependencies:
+ - name: 'zookeeper-operator'
+ version: 0.0.1
+ repository: https://helm.zop.dev
+ condition: zookeeper-operator.install
+maintainers:
+ - name: ZopDev
 url: zop.dev
\ No newline at end of file
diff --git a/charts/solr-operator/README.md b/charts/solr-operator/README.md
index 30535fd1..53779730 100644
--- a/charts/solr-operator/README.md
+++ b/charts/solr-operator/README.md
@@ -1,157 +1,157 @@ -# Solr Operator Helm Chart - -This Helm chart deploys the Solr Operator on Kubernetes, which manages SolrCloud clusters and standalone Solr instances. The Solr Operator simplifies the deployment and management of Solr in Kubernetes environments. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ -- kubectl configured to communicate with your cluster - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the Solr Operator Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/solr-operator -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-solr-operator zopdev/solr-operator -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the Solr Operator Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-solr-operator -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The Solr Operator Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `version` | `string` | Version of the Solr Operator to deploy. 
| `"v0.9.0"` | -| `zookeeper-operator.install` | `boolean` | Whether to install the Zookeeper Operator as a dependency. | `true` | -| `zookeeper-operator.crd.create` | `boolean` | Whether to create Zookeeper CRDs. | `true` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Solr Operator. | `"100m"` | -| `resources.requests.memory` | `string` | Minimum memory resources required by the Solr Operator. | `"128Mi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the Solr Operator can use. | `"200m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the Solr Operator can use. | `"256Mi"` | -| `mTLS.clientCertSecret` | `string` | Name of the secret containing client certificates for mTLS. | `""` | -| `mTLS.caCertSecret` | `string` | Name of the secret containing CA certificates for mTLS. | `""` | -| `mTLS.caCertSecretKey` | `string` | Key in the CA certificate secret containing the CA certificate. | `"ca-cert.pem"` | -| `mTLS.insecureSkipVerify` | `boolean` | Whether to skip TLS verification. | `true` | -| `mTLS.watchForUpdates` | `boolean` | Whether to watch for certificate updates. | `true` | -| `metrics.enable` | `boolean` | Whether to enable Prometheus metrics. 
| `true` | - ---- - -## Example `values.yaml` - -```yaml -version : "v0.9.0" - -zookeeper-operator: - install: true - crd: - create: true - -resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "200m" - memory: "256Mi" - -mTLS: - clientCertSecret: "" - caCertSecret: "" - caCertSecretKey: ca-cert.pem - insecureSkipVerify: true - watchForUpdates: true - -metrics: - enable: true -``` - ---- - -## Features - -- Deploys the Solr Operator for managing SolrCloud clusters -- Optional Zookeeper Operator integration -- Configurable resource limits and requests -- mTLS support for secure communication -- Prometheus metrics integration -- Leader election for high availability -- Role-based access control (RBAC) - ---- - -## Architecture - -The Solr Operator deployment includes: -- Deployment for the operator pod -- ServiceAccount for operator permissions -- Role and RoleBinding for RBAC -- Leader election configuration -- Metrics service for Prometheus integration -- Optional Zookeeper Operator deployment - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - -This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. +# Solr Operator Helm Chart + +This Helm chart deploys the Solr Operator on Kubernetes, which manages SolrCloud clusters and standalone Solr instances. The Solr Operator simplifies the deployment and management of Solr in Kubernetes environments. 
+ +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- kubectl configured to communicate with your cluster + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the Solr Operator Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/solr-operator +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-solr-operator zopdev/solr-operator +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the Solr Operator Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-solr-operator +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The Solr Operator Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `version` | `string` | Version of the Solr Operator to deploy. | `"v0.9.0"` | +| `zookeeper-operator.install` | `boolean` | Whether to install the Zookeeper Operator as a dependency. | `true` | +| `zookeeper-operator.crd.create` | `boolean` | Whether to create Zookeeper CRDs. | `true` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Solr Operator. 
| `"100m"` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the Solr Operator. | `"128Mi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the Solr Operator can use. | `"200m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the Solr Operator can use. | `"256Mi"` | +| `mTLS.clientCertSecret` | `string` | Name of the secret containing client certificates for mTLS. | `""` | +| `mTLS.caCertSecret` | `string` | Name of the secret containing CA certificates for mTLS. | `""` | +| `mTLS.caCertSecretKey` | `string` | Key in the CA certificate secret containing the CA certificate. | `"ca-cert.pem"` | +| `mTLS.insecureSkipVerify` | `boolean` | Whether to skip TLS verification. | `true` | +| `mTLS.watchForUpdates` | `boolean` | Whether to watch for certificate updates. | `true` | +| `metrics.enable` | `boolean` | Whether to enable Prometheus metrics. | `true` | + +--- + +## Example `values.yaml` + +```yaml +version : "v0.9.0" + +zookeeper-operator: + install: true + crd: + create: true + +resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "200m" + memory: "256Mi" + +mTLS: + clientCertSecret: "" + caCertSecret: "" + caCertSecretKey: ca-cert.pem + insecureSkipVerify: true + watchForUpdates: true + +metrics: + enable: true +``` + +--- + +## Features + +- Deploys the Solr Operator for managing SolrCloud clusters +- Optional Zookeeper Operator integration +- Configurable resource limits and requests +- mTLS support for secure communication +- Prometheus metrics integration +- Leader election for high availability +- Role-based access control (RBAC) + +--- + +## Architecture + +The Solr Operator deployment includes: +- Deployment for the operator pod +- ServiceAccount for operator permissions +- Role and RoleBinding for RBAC +- Leader election configuration +- Metrics service for Prometheus integration +- Optional Zookeeper Operator deployment + +--- + +## Contributing + +We welcome 
contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. diff --git a/charts/solr-operator/crds/crds.yaml b/charts/solr-operator/crds/crds.yaml index 345c9828..bde0e056 100644 --- a/charts/solr-operator/crds/crds.yaml +++ b/charts/solr-operator/crds/crds.yaml 
@@ -1,25590 +1,25590 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - operator.solr.apache.org/version: v0.10.0-prerelease - argocd.argoproj.io/sync-options: Replace=true - controller-gen.kubebuilder.io/version: v0.16.4 - name: solrbackups.solr.apache.org -spec: - group: solr.apache.org - names: - kind: SolrBackup - listKind: SolrBackupList - plural: solrbackups - singular: solrbackup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Solr Cloud - jsonPath: .spec.solrCloud - name: Cloud - type: string - - description: Most recent time the backup started - jsonPath: .status.startTimestamp - name: Started - type: date - - description: Whether the most recent backup has finished - jsonPath: .status.finished - name: Finished - type: boolean - - description: Whether the most recent backup was successful - jsonPath: .status.successful - name: Successful - type: boolean - - description: Next scheduled time for a recurrent backup - format: date-time - jsonPath: .status.nextScheduledTime - name: NextBackup - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: SolrBackup is the Schema for the solrbackups API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SolrBackupSpec defines the desired state of SolrBackup - properties: - collections: - description: The list of collections to backup. - items: - type: string - type: array - location: - description: The location to store the backup in the specified backup - repository. - type: string - recurrence: - description: |- - Set this backup to be taken recurrently, with options for scheduling and storage. - - NOTE: This is only supported for Solr Clouds version 8.9+, as it uses the incremental backup API. - properties: - disabled: - default: false - description: Disable the recurring backups. Note this will not - affect any currently-running backup. - type: boolean - maxSaved: - default: 5 - description: |- - Define the number of backup points to save for this backup at any given time. - The oldest backups will be deleted if too many exist when a backup is taken. - If not provided, this defaults to 5. - minimum: 1 - type: integer - schedule: - description: |- - Perform a backup on the given schedule, in CRON format. - - Multiple CRON syntaxes are supported - - Standard CRON (e.g. "CRON_TZ=Asia/Seoul 0 6 * * ?") - - Predefined Schedules (e.g. "@yearly", "@weekly", "@daily", etc.) - - Intervals (e.g. "@every 10h30m") - - For more information please check this reference: - https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format - type: string - required: - - schedule - type: object - repositoryName: - description: |- - The name of the repository to use for the backup. Defaults to "legacy_local_repository" if not specified (the - auto-configured repository for legacy singleton volumes). - maxLength: 100 - minLength: 1 - pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?' 
- type: string - solrCloud: - description: A reference to the SolrCloud to create a backup for - maxLength: 63 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - required: - - solrCloud - type: object - status: - description: SolrBackupStatus defines the observed state of SolrBackup - properties: - collectionBackupStatuses: - description: The status of each collection's backup progress - items: - description: CollectionBackupStatus defines the progress of a Solr - Collection's backup - properties: - asyncBackupStatus: - description: The status of the asynchronous backup call to solr - type: string - backupName: - description: BackupName of this collection's backup in Solr - type: string - collection: - description: Solr Collection name - type: string - finishTimestamp: - description: Time that the collection backup finished at - format: date-time - type: string - finished: - description: Whether the backup has finished - type: boolean - inProgress: - description: Whether the collection is being backed up - type: boolean - startTimestamp: - description: Time that the collection backup started at - format: date-time - type: string - successful: - description: Whether the backup was successful - type: boolean - required: - - collection - type: object - type: array - finishTimestamp: - description: The time that this backup was finished - format: date-time - type: string - finished: - description: Whether the backup has finished - type: boolean - history: - description: The status history of recurring backups - items: - description: IndividualSolrBackupStatus defines the observed state - of a single issued SolrBackup - properties: - collectionBackupStatuses: - description: The status of each collection's backup progress - items: - description: CollectionBackupStatus defines the progress of - a Solr Collection's backup - properties: - asyncBackupStatus: - description: The status of the asynchronous backup call - to solr - type: string - 
backupName: - description: BackupName of this collection's backup in - Solr - type: string - collection: - description: Solr Collection name - type: string - finishTimestamp: - description: Time that the collection backup finished - at - format: date-time - type: string - finished: - description: Whether the backup has finished - type: boolean - inProgress: - description: Whether the collection is being backed up - type: boolean - startTimestamp: - description: Time that the collection backup started at - format: date-time - type: string - successful: - description: Whether the backup was successful - type: boolean - required: - - collection - type: object - type: array - finishTimestamp: - description: The time that this backup was finished - format: date-time - type: string - finished: - description: Whether the backup has finished - type: boolean - solrVersion: - description: Version of the Solr being backed up - type: string - startTimestamp: - description: The time that this backup was initiated - format: date-time - type: string - successful: - description: Whether the backup was successful - type: boolean - type: object - type: array - nextScheduledTime: - description: The scheduled time for the next backup to occur - format: date-time - type: string - solrVersion: - description: Version of the Solr being backed up - type: string - startTimestamp: - description: The time that this backup was initiated - format: date-time - type: string - successful: - description: Whether the backup was successful - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - operator.solr.apache.org/version: v0.10.0-prerelease - argocd.argoproj.io/sync-options: Replace=true - controller-gen.kubebuilder.io/version: v0.16.4 - name: solrclouds.solr.apache.org -spec: - group: solr.apache.org - names: - kind: SolrCloud - listKind: 
SolrCloudList - plural: solrclouds - shortNames: - - solr - singular: solrcloud - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Solr Version of the cloud - jsonPath: .status.version - name: Version - type: string - - description: Target Solr Version of the cloud - jsonPath: .status.targetVersion - name: TargetVersion - type: string - - description: Number of solr nodes configured to run in the cloud - jsonPath: .spec.replicas - name: DesiredNodes - type: integer - - description: Number of solr nodes running - jsonPath: .status.replicas - name: Nodes - type: integer - - description: Number of solr nodes connected to the cloud - jsonPath: .status.readyReplicas - name: ReadyNodes - type: integer - - description: Number of solr nodes running the latest SolrCloud pod spec - jsonPath: .status.upToDateNodes - name: UpToDateNodes - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: SolrCloud is the Schema for the solrclouds API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SolrCloudSpec defines the desired state of SolrCloud - properties: - additionalLibs: - description: |- - List of paths in the Solr Docker image to load in the classpath. 
- Note: Solr Modules will be auto-loaded if specified in the "solrModules" property. There is no need to specify them here as well. - items: - type: string - type: array - availability: - description: Define how Solr nodes should be available. - properties: - podDisruptionBudget: - description: Define PodDisruptionBudget(s) to ensure availability - of Solr - properties: - enabled: - default: true - description: What method should be used when creating PodDisruptionBudget(s) - type: boolean - method: - default: ClusterWide - description: What method should be used when creating PodDisruptionBudget(s) - enum: - - ClusterWide - type: string - required: - - enabled - type: object - type: object - backupRepositories: - description: Allows specification of multiple different "repositories" - for Solr to use when backing up data. - items: - maxProperties: 2 - minProperties: 2 - properties: - gcs: - description: A GCSRepository for Solr to use when backing up - and restoring collections. - properties: - baseLocation: - description: An already-created chroot within the bucket - to store data in. Defaults to the root path "/" if not - specified. - type: string - bucket: - description: The name of the GCS bucket that all backup - data will be stored in - type: string - gcsCredentialSecret: - description: |- - The name & key of a Kubernetes secret holding a Google cloud service account key. Must be set unless deployed in - GKE and making use of Google's "Workplace Identity" feature. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - required: - - bucket - type: object - name: - description: |- - A name used to identify this local storage profile. Values should follow RFC-1123. (See here for more details: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names) - maxLength: 100 - minLength: 1 - pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?' - type: string - s3: - description: An S3Repository for Solr to use when backing up - and restoring collections. - properties: - baseLocation: - description: An already-created chroot within the bucket - to store data in. Defaults to the root path "/" if not - specified. - type: string - bucket: - description: The name of the S3 bucket that all backup data - will be stored in - type: string - credentials: - description: |- - Options for specifying S3Credentials. This is optional in case you want to mount this information yourself. - However, if you do not include these credentials, and you do not load them yourself via a mount or EnvVars, - you will likely see errors when taking s3 backups. - - If running in EKS, you can create an IAMServiceAccount that uses a role permissioned for this S3 bucket. - Then use that serviceAccountName for your SolrCloud, and the credentials should be auto-populated. - properties: - accessKeyIdSecret: - description: The name & key of a Kubernetes secret holding - an AWS Access Key ID - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - credentialsFileSecret: - description: The name & key of a Kubernetes secret holding - an AWS credentials file - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secretAccessKeySecret: - description: The name & key of a Kubernetes secret holding - an AWS Secret Access Key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - sessionTokenSecret: - description: The name & key of a Kubernetes secret holding - an AWS Session Token - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - endpoint: - description: The full endpoint URL to use when connecting - with S3 (or a supported S3 compatible interface) - type: string - proxyUrl: - description: The full proxy URL to use when connecting with - S3 - type: string - region: - description: The S3 region to store the backup data in - type: string - required: - - bucket - - region - type: object - volume: - description: Allows specification of a "repository" for Solr - to use when backing up data "locally". - properties: - directory: - description: |- - Select a custom directory name to mount the backup/restore data in the given volume. - If not specified, then the name of the solrcloud will be used by default. - type: string - source: - description: |- - This is a volumeSource for a volume that will be mounted to all solrNodes to store backups and load restores. - The data within the volume will be namespaced for this instance, so feel free to use the same volume for multiple clouds. 
- Since the volume will be mounted to all solrNodes, it must be able to be written from multiple pods. - If a PVC reference is given, the PVC must have `accessModes: - ReadWriteMany`. - Other options are to use a NFS volume. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' 
- type: string - diskName: - description: diskName is the Name of the data disk - in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in - the blob storage - type: string - fsType: - default: ext4 - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure - managed data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - default: false - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing the - pod field - properties: - fieldRef: - description: 'Required: Selects a field of - the pod: only annotations, labels, name, - namespace and uid are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. The first item of - the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. 
- The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. 
- properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. 
For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
- type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
- If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and then - exposed to the pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' - items: - type: string - type: array - x-kubernetes-list-type: atomic - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to - use for this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds - extra command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. 
This depends on the Flocker - control service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the - specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. 
This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - image: - description: |- - image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. - The volume is resolved at pod startup depending on which PullPolicy value is provided: - - - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - - The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. - A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. - The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
- The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). - The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. - properties: - pullPolicy: - description: |- - Policy for pulling OCI objects. Possible values are: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - type: string - reference: - description: |- - Required: Image or artifact reference to be used. - Behaves in the same way as pod.spec.containers[*].image. - Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - default: default - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - x-kubernetes-list-type: atomic - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. 
- type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: |- - sources is the list of volume projections. 
Each entry in this list - handles one source. - items: - description: |- - Projection that may be projected along with other supported volume types. - Exactly one of these fields must be set. - properties: - clusterTrustBundle: - description: |- - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field - of ClusterTrustBundle objects in an auto-updating file. - - Alpha, gated by the ClusterTrustBundleProjection feature gate. - - ClusterTrustBundle objects can either be selected by name, or by the - combination of signer name and a label selector. - - Kubelet performs aggressive normalization of the PEM contents written - into the pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates are deduplicated. - The ordering of certificates within the file is arbitrary, and Kubelet - may change the order over time. - properties: - labelSelector: - description: |- - Select all ClusterTrustBundles that match this label selector. Only has - effect if signerName is set. Mutually-exclusive with name. If unset, - interpreted as "match nothing". If set but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: |- - Select a single ClusterTrustBundle by object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: |- - If true, don't block pod startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the named ClusterTrustBundle is - allowed not to exist. If using signerName, then the combination of - signerName and labelSelector is allowed to match zero - ClusterTrustBundles. - type: boolean - path: - description: Relative path from the volume - root to write the bundle. - type: string - signerName: - description: |- - Select all ClusterTrustBundles that match this signer name. - Mutually-exclusive with name. The contents of all selected - ClusterTrustBundles will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information about the - configMap data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. 
If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether - the ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about - the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and uid - are supported.' - properties: - apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not - start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
- properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - secret: - description: secret information about the - secret data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional field specify whether - the Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. 
- type: string - required: - - path - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - default: /etc/ceph/keyring - description: |- - keyring is the path to key ring for RBDUser. 
- Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - pool: - default: rbd - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - default: admin - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - default: xfs - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
- type: string - gateway: - description: gateway is the host address of the - ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the - ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL - communication with Gateway, default false - type: boolean - storageMode: - default: ThinProvisioned - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. - type: string - system: - description: system is the name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - optional: - description: optional field specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
- Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated - with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - type: object - required: - - source - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - busyBoxImage: - description: |- - ContainerImage defines the fields needed for a Docker repository image. The - format here matches the predominant format used in Helm charts. - properties: - imagePullSecret: - type: string - pullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - repository: - type: string - tag: - type: string - type: object - customSolrKubeOptions: - description: Provide custom options for kubernetes objects created - for the Solr Cloud. - properties: - commonServiceOptions: - description: CommonServiceOptions defines the custom options for - the common solrCloud Service. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the Service. 
- type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the Service. - type: object - type: object - configMapOptions: - description: ServiceOptions defines the custom options for the - solrCloud ConfigMap. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the ConfigMap. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the ConfigMap. - type: object - providedConfigMap: - description: Name of a user provided ConfigMap in the same - namespace containing a custom solr.xml - type: string - type: object - headlessServiceOptions: - description: HeadlessServiceOptions defines the custom options - for the headless solrCloud Service. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the Service. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the Service. - type: object - type: object - ingressOptions: - description: IngressOptions defines the custom options for the - solrCloud Ingress. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the Ingress. - type: object - ingressClassName: - description: |- - IngressClassName is the name of the IngressClass cluster resource. The - associated IngressClass defines which controller will implement the resource. - maxLength: 63 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - labels: - additionalProperties: - type: string - description: Labels to be added for the Ingress. - type: object - type: object - nodeServiceOptions: - description: |- - NodeServiceOptions defines the custom options for the individual solrCloud Node services, if they are created. 
- These services will only be created when exposing SolrNodes externally via an Ingress in the AddressabilityOptions. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the Service. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the Service. - type: object - type: object - podOptions: - description: SolrPodOptions defines the custom options for solrCloud - pods. - properties: - affinity: - description: The scheduling constraints on pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - description: Annotations to be added for pods. - type: object - containerSecurityContext: - description: ContainerSecurityContext the container-level - security context used by the pod's primary container - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. 
- type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. 
- This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. 
- properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - defaultInitContainerResources: - description: DefaultInitContainerResources are the resource - requirements for the default init container(s) created by - the Solr Operator, if any are created. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - envVars: - description: Additional environment variables to pass to the - default container. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. 
Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: |- - ImagePullSecrets to apply to the pod. - These are for init/sidecarContainers in addition to the imagePullSecret defined for the - solr image. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: |- - Additional init containers to run in the pod. - These will run along with the init container that sets up the "solr.xml". - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: |- - Arguments to the entrypoint. - The container image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. 
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - image: - description: |- - Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. 
- properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. 
- HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. 
- properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: |- - Compute Resources required by this container. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - restartPolicy: - description: |- - RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: - this init container will be continually restarted on - exit until all regular containers have terminated. Once all regular - containers have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. 
Although this init - container still starts in the init container sequence, it does not wait - for the container to complete before proceeding to the next init - container. Instead, the next init container starts immediately after this - init container is started, or after any startupProbe has successfully - completed. - type: string - securityContext: - description: |- - SecurityContext defines the security options the container should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. 
- type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. 
- If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. 
- properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. 
- Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: |- - StartupProbe indicates that the Pod has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. 
- format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - stdin: - description: |- - Whether this container should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. - Default is false - type: boolean - terminationMessagePath: - description: |- - Optional: Path at which the file to which the container's termination message - will be written is mounted into the container's filesystem. - Message written is intended to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated. - type: string - terminationMessagePolicy: - description: |- - Indicate how the termination message should be populated. File will use the contents of - terminationMessagePath to populate the container status message on both success and failure. - FallbackToLogsOnError will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - Defaults to File. - Cannot be updated. 
- type: string - tty: - description: |- - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - devicePath - x-kubernetes-list-type: map - volumeMounts: - description: |- - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. 
- - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - mountPath - x-kubernetes-list-type: map - workingDir: - description: |- - Container's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: Labels to be added for pods. - type: object - lifecycle: - description: Lifecycle for the main container - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. 
- Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. 
There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: Liveness probe parameters - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. 
- properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' 
- type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - description: Node Selector to be added for the StatefulSet. - type: object - podSecurityContext: - description: PodSecurityContext is the security context for - the pod. - properties: - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. 
- The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. 
- format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. 
- properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be - set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- type: string - type: object - type: object - priorityClassName: - description: PriorityClassName for the pod - type: string - readinessProbe: - description: Readiness probe parameters - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
- items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resources: - description: Resources is the resource requirements for the - default container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - serviceAccountName: - description: Optional Service Account to run the pod under. - type: string - shareProcessNamespace: - description: Should process namespace sharing be enabled on - created pods - type: boolean - sidecarContainers: - description: Sidecar containers to run in the pod. These are - in addition to the Solr Container - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: |- - Arguments to the entrypoint. - The container image's CMD is used if this is not provided. 
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. 
If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. 
- items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - image: - description: |- - Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. 
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. 
Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. 
- Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". 
- type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. 
- Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: |- - Compute Resources required by this container. 
- Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - restartPolicy: - description: |- - RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: - this init container will be continually restarted on - exit until all regular containers have terminated. Once all regular - containers have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. Although this init - container still starts in the init container sequence, it does not wait - for the container to complete before proceeding to the next init - container. Instead, the next init container starts immediately after this - init container is started, or after any startupProbe has successfully - completed. - type: string - securityContext: - description: |- - SecurityContext defines the security options the container should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. 
- type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. 
- This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. 
- properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: |- - StartupProbe indicates that the Pod has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
- The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - stdin: - description: |- - Whether this container should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. 
- Default is false - type: boolean - terminationMessagePath: - description: |- - Optional: Path at which the file to which the container's termination message - will be written is mounted into the container's filesystem. - Message written is intended to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated. - type: string - terminationMessagePolicy: - description: |- - Indicate how the termination message should be populated. File will use the contents of - terminationMessagePath to populate the container status message on both success and failure. - FallbackToLogsOnError will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - Defaults to File. - Cannot be updated. - type: string - tty: - description: |- - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - devicePath - x-kubernetes-list-type: map - volumeMounts: - description: |- - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. 
- properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. 
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - mountPath - x-kubernetes-list-type: map - workingDir: - description: |- - Container's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - required: - - name - type: object - type: array - startupProbe: - description: Startup probe parameters - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. 
- type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
- format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to - terminate gracefully. - format: int64 - minimum: 10 - type: integer - tolerations: - description: Tolerations to be added for the StatefulSet. 
- items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - Optional PodSpreadTopologyConstraints to use when scheduling pods. - More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - - Note: There is no need to provide a "labelSelector", as the operator will inject the labels for you if not provided. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. 
- properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. 
The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. 
- As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 
- type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. 
- type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: Additional non-data volumes to load into the - default container. - items: - description: AdditionalVolume provides information on additional - volumes that should be loaded into pods - properties: - defaultContainerMount: - description: |- - DefaultContainerMount defines how to mount this volume into the default container. - If this volume is to be used only with sidecar or non-default init containers, - then this option is not necessary. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. 
If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - name: - description: Name of the volume - type: string - source: - description: Source is the source of the Volume to be - loaded into the solrCloud Pod - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. 
- Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data - disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk - in the blob storage - type: string - fsType: - default: ext4 - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - default: false - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to the - pod. 
- properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name and - Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on - the host that shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - path: - description: 'path is Optional: Used as the - mounted root, rather than the full Ceph tree, - default is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that - should populate this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API - about the pod that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API - volume file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. 
- The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. 
- properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. 
For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
- type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query - over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
- If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and - then exposed to the pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - lun: - description: 'lun is Optional: FC target lun - number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' - items: - type: string - type: array - x-kubernetes-list-type: atomic - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver - to use for this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field - holds extra command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. 
This depends - on the Flocker control service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the - dataset. This is unique identifier of a Flocker - dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for - the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. 
This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - image: - description: |- - image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. - The volume is resolved at pod startup depending on which PullPolicy value is provided: - - - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - - The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. - A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. - The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
- The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). - The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. - properties: - pullPolicy: - description: |- - Policy for pulling OCI objects. Possible values are: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - type: string - reference: - description: |- - Required: Image or artifact reference to be used. - Behaves in the same way as pod.spec.containers[*].image. - Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified - Name. - type: string - iscsiInterface: - default: default - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun - number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - x-kubernetes-list-type: atomic - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for - iSCSI target and initiator authentication - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. 
- type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets - host machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a - Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: |- - sources is the list of volume projections. 
Each entry in this list - handles one source. - items: - description: |- - Projection that may be projected along with other supported volume types. - Exactly one of these fields must be set. - properties: - clusterTrustBundle: - description: |- - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field - of ClusterTrustBundle objects in an auto-updating file. - - Alpha, gated by the ClusterTrustBundleProjection feature gate. - - ClusterTrustBundle objects can either be selected by name, or by the - combination of signer name and a label selector. - - Kubelet performs aggressive normalization of the PEM contents written - into the pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates are deduplicated. - The ordering of certificates within the file is arbitrary, and Kubelet - may change the order over time. - properties: - labelSelector: - description: |- - Select all ClusterTrustBundles that match this label selector. Only has - effect if signerName is set. Mutually-exclusive with name. If unset, - interpreted as "match nothing". If set but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: |- - Select a single ClusterTrustBundle by object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: |- - If true, don't block pod startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the named ClusterTrustBundle is - allowed not to exist. If using signerName, then the combination of - signerName and labelSelector is allowed to match zero - ClusterTrustBundles. - type: boolean - path: - description: Relative path from the - volume root to write the bundle. - type: string - signerName: - description: |- - Select all ClusterTrustBundles that match this signer name. - Mutually-exclusive with name. The contents of all selected - ClusterTrustBundles will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information about - the configMap data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. 
If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether - the ConfigMap or its keys must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about - the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
- properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - secret: - description: secret information about - the secret data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional field specify - whether the Secret or its key must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to - project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. 
- type: string - required: - - path - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - default: /etc/ceph/keyring - description: |- - keyring is the path to key ring for RBDUser. 
- Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - pool: - default: rbd - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - default: admin - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - default: xfs - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
- type: string - gateway: - description: gateway is the host address of - the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of - the ScaleIO Protection Domain for the configured - storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default false - type: boolean - storageMode: - default: ThinProvisioned - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. - type: string - system: - description: system is the name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - optional: - description: optional field specify whether - the Secret or its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
- Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile ID - associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - type: object - required: - - name - - source - type: object - type: array - type: object - statefulSetOptions: - description: StatefulSetOptions defines the custom options for - the solrCloud StatefulSet. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the StatefulSet. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the StatefulSet. - type: object - podManagementPolicy: - description: |- - PodManagementPolicy defines the policy for creating pods under a stateful set. - Override the default value of Parallel. - This cannot be updated on an existing StatefulSet, the StatefulSet must be deleted and recreated for a change in this field to take effect. - enum: - - OrderedReady - - Parallel - type: string - type: object - type: object - dataStorage: - description: |- - Customize how the cloud data is stored. 
- If neither "persistent" or "ephemeral" is provided, then ephemeral storage will be used by default. - properties: - ephemeral: - description: |- - EphemeralStorage is the specification for how the ephemeral Solr data storage should be configured. - - This option cannot be used with the "persistent" option. - Ephemeral storage is used by default if neither "persistent" or "ephemeral" is provided. - properties: - emptyDir: - description: EmptyDirVolumeSource is an optional config for - the emptydir volume that will store Solr data. - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - hostPath: - description: |- - HostPathVolumeSource is an optional config to specify a path on the host machine to store Solr data. - - If hostPath is omitted, then the default EmptyDir is used, otherwise hostPath takes precedence over EmptyDir. - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - type: object - persistent: - description: |- - PersistentStorage is the specification for how the persistent Solr data storage should be configured. - - This option cannot be used with the "ephemeral" option. - properties: - pvcTemplate: - description: |- - PersistentVolumeClaimTemplate is the PVC object for the solr node to store its data. - Within metadata, the Name, Labels and Annotations are able to be specified, but defaults will be provided if necessary. - The entire Spec is customizable, however there will be defaults provided if necessary. - This field is optional. If no PVC spec is provided, then a default will be provided. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - name: - description: |- - Name must be unique within a namespace. 
Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - type: string - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. 
- If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. 
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - type: object - reclaimPolicy: - description: |- - VolumeReclaimPolicy determines how the Solr Cloud's PVCs will be treated after the cloud is deleted. - - Retain: This is the default Kubernetes policy, where PVCs created for StatefulSets are not deleted when the StatefulSet is deleted. - - Delete: The PVCs will be deleted by the Solr Operator after the SolrCloud object is deleted. 
- The default value is Retain, so no data will be deleted unless explicitly configured. - enum: - - Retain - - Delete - type: string - type: object - type: object - replicas: - description: The number of solr nodes to run - format: int32 - type: integer - scaling: - description: Configure how Solr nodes should be scaled. - properties: - populatePodsOnScaleUp: - default: true - description: |- - PopulatePodsOnScaleUp determines whether Solr replicas should be moved to newly-created Pods that have been - created due to the SolrCloud scaling up. - - This feature is only available to users using Solr 9.3 or newer. - If this is set to "true" for a cloud that is running an unsupported version of Solr, the replicas will not be moved. - type: boolean - vacatePodsOnScaleDown: - default: true - description: |- - VacatePodsOnScaleDown determines whether Solr replicas are moved off of a Pod before the Pod is - deleted due to the SolrCloud scaling down. - type: boolean - type: object - solrAddressability: - description: Customize how Solr is addressed both internally and externally - in Kubernetes. - properties: - commonServicePort: - description: |- - CommonServicePort defines the port to have the common Solr service listen on. - Defaults to 80 (when not using TLS) or 443 (when using TLS) - type: integer - external: - description: |- - External defines the way in which this SolrCloud nodes should be made addressable externally, from outside the Kubernetes cluster. - If none is provided, the Solr Cloud will not be made addressable externally. - properties: - additionalDomainNames: - description: |- - Provide additional domainNames that the Ingress or ExternalDNS should listen on. - This option is ignored with the LoadBalancer method. - items: - type: string - type: array - domainName: - description: |- - Override the domainName provided as startup parameters to the operator, used by ingresses and externalDNS. 
- The common and/or node services will be addressable by unique names under the given domain. - e.g. given.domain.name.com -> default-example-solrcloud.given.domain.name.com - - For the LoadBalancer method, this field is optional and will only be used when useExternalAddress=true. - If used with the LoadBalancer method, you will need DNS routing to the LoadBalancer IP address through the url template given above. - type: string - hideCommon: - description: |- - Do not expose the common Solr service externally. This affects a single service. - Defaults to false. - type: boolean - hideNodes: - description: |- - Do not expose each of the Solr Node services externally. - The number of services this affects could range from 1 (a headless service for ExternalDNS) to the number of Solr pods your cloud contains (individual node services for Ingress/LoadBalancer). - Defaults to false. - type: boolean - ingressTLSTermination: - description: |- - IngressTLSTermination tells the SolrCloud Ingress to terminate TLS on incoming connections. - - This is option is only available when Method=Ingress, because ExternalDNS and LoadBalancer Services do not support TLS termination. - This option is also unavailable when the SolrCloud has TLS enabled via `spec.solrTLS`, in this case the Ingress cannot terminate TLS before reaching Solr. - - When using this option, the UseExternalAddress option will be disabled, since Solr cannot be running in HTTP mode and making internal requests in HTTPS. - maxProperties: 1 - properties: - tlsSecret: - description: TLSSecret defines a TLS Secret to use for - TLS termination of all exposed addresses for this SolrCloud - in the Ingress. - type: string - useDefaultTLSSecret: - description: |- - UseDefaultTLSSecret determines whether the ingress should use the default TLS secret provided by the Ingress implementation. 
- - For example, using nginx: https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate - type: boolean - type: object - method: - description: The way in which this SolrCloud's service(s) - should be made addressable externally. - enum: - - Ingress - - ExternalDNS - type: string - nodePortOverride: - description: |- - NodePortOverride defines the port to have all Solr node service(s) listen on and advertise itself as if advertising through an Ingress or LoadBalancer. - This overrides the default usage of the podPort. - - This is option is only used when HideNodes=false, otherwise the the port each Solr Node will advertise itself with the podPort. - This option is also unavailable with the ExternalDNS method. - - If using method=Ingress, your ingress controller is required to listen on this port. - If your ingress controller is not listening on the podPort, then this option is required for solr to be addressable via an Ingress. - - Defaults to 80 (without TLS) or 443 (with TLS) if HideNodes=false and method=Ingress, otherwise this is optional. - type: integer - useExternalAddress: - description: |- - Use the external address to advertise the SolrNode, defaults to false. - - If false, the external address will be available, however Solr (and clients using the CloudSolrClient in SolrJ) will only be aware of the internal URLs. - If true, Solr will startup with the hostname of the external address. - - NOTE: This option cannot be true when hideNodes is set to true. So it will be auto-set to false if that is the case. - type: boolean - required: - - domainName - - method - type: object - kubeDomain: - description: |- - KubeDomain allows for the specification of an override of the default "cluster.local" Kubernetes cluster domain. - Only use this option if the Kubernetes cluster has been setup with a custom domain. - type: string - podPort: - description: |- - PodPort defines the port to have the Solr Pod listen on. 
- Defaults to 8983 - type: integer - type: object - solrClientTLS: - description: Options to configure client TLS certificate for Solr - pods - properties: - checkPeerName: - description: TLS certificates contain host/ip "peer name" information - that is validated by default. - type: boolean - clientAuth: - default: None - description: |- - Determines the client authentication method, either None, Want, or Need; - this affects K8s ability to call liveness / readiness probes so use cautiously. - Only applies for server certificates, has no effect on client certificates - enum: - - None - - Want - - Need - type: string - keyStorePasswordSecret: - description: Secret containing the key store password; this field - is required unless mountedTLSDir is used, as most JVMs do not - support pkcs12 keystores without a password - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - mountedTLSDir: - description: |- - Used to specify a path where the keystore, truststore, and password files for the TLS certificate are mounted by an external agent or CSI driver. - This option is typically used with `spec.updateStrategy.restartSchedule` to restart Solr pods before the mounted TLS cert expires. 
- properties: - keystoreFile: - description: |- - Override the name of the keystore file; no default, if you don't supply this setting, then the corresponding - env vars and Java system properties will not be configured for the pod template - type: string - keystorePassword: - description: Set the password of the keystore explicitly. - Cannot be used with "keystorePasswordFile" - type: string - keystorePasswordFile: - description: Override the name of the keystore password file; - defaults to keystore-password, if "keystorePassword" is - not provided. - type: string - path: - description: The path on the main Solr container where the - TLS files are mounted by some external agent or CSI Driver - type: string - truststoreFile: - description: |- - Override the name of the truststore file; no default, if you don't supply this setting, then the corresponding - env vars and Java system properties will not be configured for the pod template - type: string - truststorePassword: - description: Set the password of the truststore explicitly. - If "keystorePassword" is provided, and "truststorePasswordFile" - is not, this will be defaulted to "keystorePassword". - type: string - truststorePasswordFile: - description: Override the name of the truststore password - file; defaults to the same value as the KeystorePasswordFile, - if "truststorePassword" is not provided. - type: string - required: - - path - type: object - pkcs12Secret: - description: TLS Secret containing a pkcs12 keystore; required - for Solr pods unless mountedTLSDir is used - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - restartOnTLSSecretUpdate: - description: |- - Opt-in flag to restart Solr pods after TLS secret updates, such as if the cert is renewed; default is false. - This option only applies when using the `spec.solrTLS.pkcs12Secret` option; when using the `spec.solrTLS.mountedTLSDir` option, - you need to ensure pods get restarted before the certs expire, see `spec.updateStrategy.restartSchedule` for scheduling restarts. - type: boolean - trustStorePasswordSecret: - description: Secret containing the trust store password; if not - provided the keyStorePassword will be used - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - trustStoreSecret: - description: |- - TLS Secret containing a pkcs12 truststore; if not provided, then the keystore and password are used for the truststore - The specified key is used as the truststore file name when mounted into Solr pods - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - verifyClientHostname: - description: |- - Verify client's hostname during SSL handshake - Only applies for server configuration - type: boolean - type: object - solrGCTune: - description: Set GC Tuning configuration through GC_TUNE environment - variable - type: string - solrImage: - description: |- - ContainerImage defines the fields needed for a Docker repository image. The - format here matches the predominant format used in Helm charts. - properties: - imagePullSecret: - type: string - pullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - repository: - type: string - tag: - type: string - type: object - solrJavaMem: - type: string - solrLogLevel: - description: Set the Solr Log level, defaults to INFO - type: string - solrModules: - description: |- - List of Solr Modules to be loaded when starting Solr - Note: You do not need to specify a module if it is required by another property (e.g. backupRepositories[].gcs) - items: - type: string - type: array - solrOpts: - description: |- - You can add common system properties to the SOLR_OPTS environment variable - SolrOpts is the string interface for these optional settings - type: string - solrSecurity: - description: Options to enable Solr security - properties: - authenticationType: - description: |- - Indicates the authentication plugin type that is being used by Solr; for now only "Basic" is supported by the - Solr operator but support for other authentication plugins may be added in the future. 
- enum: - - Basic - type: string - basicAuthSecret: - description: |- - Secret (kubernetes.io/basic-auth) containing credentials the operator should use for API requests to secure Solr pods. - If you provide this secret, then the operator assumes you've also configured your own security.json file and - uploaded it to Solr. If you change the password for this user using the Solr security API, then you *must* update - the secret with the new password or the operator will be locked out of Solr and API requests will fail, - ultimately causing a CrashBackoffLoop for all pods if probe endpoints are secured (see 'probesRequireAuth' setting). - - If you don't supply this secret, then the operator creates a kubernetes.io/basic-auth secret containing the password - for the "k8s-oper" user. All API requests from the operator are made as the "k8s-oper" user, which is configured - with read-only access to a minimal set of endpoints. In addition, the operator bootstraps a default security.json - file and credentials for two additional users: admin and solr. The 'solr' user has basic read access to Solr - resources. Once the security.json is bootstrapped, the operator will not update it! You're expected to use the - 'admin' user to access the Security API to make further changes. It's strictly a bootstrapping operation. - type: string - bootstrapSecurityJson: - description: |- - Configure a user-provided security.json from a secret to allow for advanced security config. - If not specified, the operator bootstraps a security.json with basic auth enabled. - This is a bootstrapping config only; once Solr is initialized, the security config should be managed by the security API. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - probesRequireAuth: - description: |- - Flag to indicate if the configured HTTP endpoint(s) used for the probes require authentication; defaults - to false. If you set to true, then probes will use a local command on the main container to hit the secured - endpoints with credentials sourced from an env var instead of HTTP directly. - type: boolean - type: object - solrTLS: - description: Options to enable the server TLS certificate for Solr - pods - properties: - checkPeerName: - description: TLS certificates contain host/ip "peer name" information - that is validated by default. - type: boolean - clientAuth: - default: None - description: |- - Determines the client authentication method, either None, Want, or Need; - this affects K8s ability to call liveness / readiness probes so use cautiously. - Only applies for server certificates, has no effect on client certificates - enum: - - None - - Want - - Need - type: string - keyStorePasswordSecret: - description: Secret containing the key store password; this field - is required unless mountedTLSDir is used, as most JVMs do not - support pkcs12 keystores without a password - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - mountedTLSDir: - description: |- - Used to specify a path where the keystore, truststore, and password files for the TLS certificate are mounted by an external agent or CSI driver. - This option is typically used with `spec.updateStrategy.restartSchedule` to restart Solr pods before the mounted TLS cert expires. - properties: - keystoreFile: - description: |- - Override the name of the keystore file; no default, if you don't supply this setting, then the corresponding - env vars and Java system properties will not be configured for the pod template - type: string - keystorePassword: - description: Set the password of the keystore explicitly. - Cannot be used with "keystorePasswordFile" - type: string - keystorePasswordFile: - description: Override the name of the keystore password file; - defaults to keystore-password, if "keystorePassword" is - not provided. - type: string - path: - description: The path on the main Solr container where the - TLS files are mounted by some external agent or CSI Driver - type: string - truststoreFile: - description: |- - Override the name of the truststore file; no default, if you don't supply this setting, then the corresponding - env vars and Java system properties will not be configured for the pod template - type: string - truststorePassword: - description: Set the password of the truststore explicitly. - If "keystorePassword" is provided, and "truststorePasswordFile" - is not, this will be defaulted to "keystorePassword". - type: string - truststorePasswordFile: - description: Override the name of the truststore password - file; defaults to the same value as the KeystorePasswordFile, - if "truststorePassword" is not provided. 
- type: string - required: - - path - type: object - pkcs12Secret: - description: TLS Secret containing a pkcs12 keystore; required - for Solr pods unless mountedTLSDir is used - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - restartOnTLSSecretUpdate: - description: |- - Opt-in flag to restart Solr pods after TLS secret updates, such as if the cert is renewed; default is false. - This option only applies when using the `spec.solrTLS.pkcs12Secret` option; when using the `spec.solrTLS.mountedTLSDir` option, - you need to ensure pods get restarted before the certs expire, see `spec.updateStrategy.restartSchedule` for scheduling restarts. - type: boolean - trustStorePasswordSecret: - description: Secret containing the trust store password; if not - provided the keyStorePassword will be used - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - trustStoreSecret: - description: |- - TLS Secret containing a pkcs12 truststore; if not provided, then the keystore and password are used for the truststore - The specified key is used as the truststore file name when mounted into Solr pods - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - verifyClientHostname: - description: |- - Verify client's hostname during SSL handshake - Only applies for server configuration - type: boolean - type: object - solrZkOpts: - description: |- - This will add java system properties for connecting to Zookeeper. - SolrZkOpts is the string interface for these optional settings - type: string - updateStrategy: - description: Define how Solr rolling updates are executed. - properties: - managed: - description: Options for Solr Operator Managed rolling updates. - properties: - maxPodsUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of the desired number of pods (ex: 10%). - Absolute number is calculated from percentage by rounding down. 
- If the provided number is 0 or negative, then all pods will be allowed to be updated in unison. - - Defaults to 25%. - x-kubernetes-int-or-string: true - maxShardReplicasUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of replicas for each shard that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of replicas in a shard (ex: 25%). - Absolute number is calculated from percentage by rounding down. - If the provided number is 0 or negative, then all replicas will be allowed to be updated in unison. - - Defaults to 1. - x-kubernetes-int-or-string: true - type: object - method: - description: Method defines the way in which SolrClouds should - be updated when the podSpec changes. - enum: - - Managed - - StatefulSet - - Manual - type: string - restartSchedule: - description: |- - Perform a scheduled restart on the given schedule, in CRON format. - - Multiple CRON syntaxes are supported - - Standard CRON (e.g. "CRON_TZ=Asia/Seoul 0 6 * * ?") - - Predefined Schedules (e.g. "@yearly", "@weekly", etc.) - - Intervals (e.g. "@every 10h30m") - - For more information please check this reference: - https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format - type: string - type: object - zookeeperRef: - description: |- - The information for the Zookeeper this SolrCloud should connect to - Can be a zookeeper that is running, or one that is created by the solr operator - properties: - connectionInfo: - description: |- - A zookeeper ensemble that is run independently of the solr operator - If an externalConnectionString is provided, but no internalConnectionString is, the external will be used as the internal - properties: - acl: - description: |- - ZooKeeper ACL to use when connecting with ZK. - This ACL should have ALL permission in the given chRoot. 
- properties: - passwordKey: - description: The name of the key in the given secret that - contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. - type: string - usernameKey: - description: The name of the key in the given secret that - contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - chroot: - description: The ChRoot to connect solr at - type: string - externalConnectionString: - description: |- - The connection string to connect to the ensemble from outside of the Kubernetes cluster - If external and no internal connection string is provided, the external cnx string will be used as the internal cnx string - type: string - internalConnectionString: - description: The connection string to connect to the ensemble - from within the Kubernetes cluster - type: string - readOnlyAcl: - description: |- - ZooKeeper ACL to use when connecting with ZK for reading operations. - This ACL should have READ permission in the given chRoot. - properties: - passwordKey: - description: The name of the key in the given secret that - contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. - type: string - usernameKey: - description: The name of the key in the given secret that - contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - type: object - provided: - description: |- - Create a new Zookeeper Ensemble with the following spec - Note: This option will not allow the SolrCloud to run across kube-clusters. 
- Note: Requires - - The zookeeperOperator flag to be provided to the Solr Operator - - A zookeeper operator to be running - properties: - acl: - description: |- - ZooKeeper ACL to use when connecting with ZK. - This ACL should have ALL permission in the given chRoot. - properties: - passwordKey: - description: The name of the key in the given secret that - contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. - type: string - usernameKey: - description: The name of the key in the given secret that - contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - adminServerService: - description: |- - AdminServerService defines the policy to create AdminServer Service - for the zookeeper cluster. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations specifies the annotations to attach to AdminServer service the operator - creates. - type: object - external: - type: boolean - type: object - chroot: - description: The ChRoot to connect solr at - type: string - clientService: - description: |- - ClientService defines the policy to create client Service - for the zookeeper cluster. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations specifies the annotations to attach to client service the operator - creates. 
- type: object - type: object - config: - description: Additional Zookeeper Configuration settings - properties: - additionalConfig: - additionalProperties: - type: string - description: key-value map of additional zookeeper configuration - parameters - type: object - x-kubernetes-preserve-unknown-fields: true - autoPurgePurgeInterval: - description: |- - The time interval in hours for which the purge task has to be triggered - - Disabled by default - type: integer - autoPurgeSnapRetainCount: - description: |- - Retain the snapshots according to retain count - - The default value is 3 - type: integer - commitLogCount: - description: |- - Zookeeper maintains an in-memory list of last committed requests for fast - synchronization with followers - - The default value is 500 - type: integer - globalOutstandingLimit: - description: |- - Clients can submit requests faster than ZooKeeper can process them, especially - if there are a lot of clients. Zookeeper will throttle Clients so that requests - won't exceed global outstanding limit. - - The default value is 1000 - type: integer - initLimit: - description: |- - InitLimit is the amount of time, in ticks, to allow followers to connect - and sync to a leader. - - Default value is 10. - type: integer - maxClientCnxns: - description: |- - Limits the number of concurrent connections that a single client, identified - by IP address, may make to a single member of the ZooKeeper ensemble. - - The default value is 60 - type: integer - maxCnxns: - description: |- - Limits the total number of concurrent connections that can be made to a - zookeeper server - - The defult value is 0, indicating no limit - type: integer - maxSessionTimeout: - description: |- - The maximum session timeout in milliseconds that the server will allow the - client to negotiate. 
- - The default value is 40000 - type: integer - minSessionTimeout: - description: |- - The minimum session timeout in milliseconds that the server will allow the - client to negotiate - - The default value is 4000 - type: integer - preAllocSize: - description: |- - To avoid seeks ZooKeeper allocates space in the transaction log file in - blocks of preAllocSize kilobytes - - The default value is 64M - type: integer - quorumListenOnAllIPs: - description: |- - QuorumListenOnAllIPs when set to true the ZooKeeper server will listen for - connections from its peers on all available IP addresses, and not only the - address configured in the server list of the configuration file. It affects - the connections handling the ZAB protocol and the Fast Leader Election protocol. - - The default value is false. - type: boolean - snapCount: - description: |- - ZooKeeper records its transactions using snapshots and a transaction log - The number of transactions recorded in the transaction log before a snapshot - can be taken is determined by snapCount - - The default value is 100,000 - type: integer - snapSizeLimitInKb: - description: |- - Snapshot size limit in Kb - - The defult value is 4GB - type: integer - syncLimit: - description: |- - SyncLimit is the amount of time, in ticks, to allow followers to sync with - Zookeeper. - - The default value is 2. - type: integer - tickTime: - description: |- - TickTime is the length of a single tick, which is the basic time unit used - by Zookeeper, as measured in milliseconds - - The default value is 2000. - type: integer - type: object - containers: - description: Containers defines to support multi containers - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: |- - Arguments to the entrypoint. - The container image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. 
If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. 
Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. 
- items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - image: - description: |- - Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. 
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. 
Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. 
- Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". 
- type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. 
- Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: |- - Compute Resources required by this container. 
- Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - restartPolicy: - description: |- - RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: - this init container will be continually restarted on - exit until all regular containers have terminated. Once all regular - containers have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. Although this init - container still starts in the init container sequence, it does not wait - for the container to complete before proceeding to the next init - container. Instead, the next init container starts immediately after this - init container is started, or after any startupProbe has successfully - completed. - type: string - securityContext: - description: |- - SecurityContext defines the security options the container should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. 
- type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. 
- This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. 
- properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: |- - StartupProbe indicates that the Pod has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
- The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - stdin: - description: |- - Whether this container should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. 
- Default is false - type: boolean - terminationMessagePath: - description: |- - Optional: Path at which the file to which the container's termination message - will be written is mounted into the container's filesystem. - Message written is intended to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated. - type: string - terminationMessagePolicy: - description: |- - Indicate how the termination message should be populated. File will use the contents of - terminationMessagePath to populate the container status message on both success and failure. - FallbackToLogsOnError will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - Defaults to File. - Cannot be updated. - type: string - tty: - description: |- - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - devicePath - x-kubernetes-list-type: map - volumeMounts: - description: |- - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. 
- properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. 
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - mountPath - x-kubernetes-list-type: map - workingDir: - description: |- - Container's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - required: - - name - type: object - type: array - ephemeral: - description: |- - Ephemeral is the configuration which helps create ephemeral storage - At anypoint only one of Persistence or Ephemeral should be present in the manifest - properties: - emptydirvolumesource: - description: |- - EmptyDirVolumeSource is optional and this will create the emptydir volume - It has two parameters Medium and SizeLimit which are optional as well - Medium specifies What type of storage medium should back this directory. - SizeLimit specifies Total amount of local storage required for this EmptyDir volume. - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - headlessService: - description: |- - HeadlessService defines the policy to create headless Service - for the zookeeper cluster. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations specifies the annotations to attach to headless service the operator - creates. - type: object - type: object - image: - description: Image of Zookeeper to run - properties: - imagePullSecret: - type: string - pullPolicy: - description: PullPolicy describes a policy for if/when - to pull a container image - type: string - repository: - type: string - tag: - type: string - type: object - initContainers: - description: Init containers to support initialization - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: |- - Arguments to the entrypoint. - The container image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. 
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. 
- type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. 
- type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - image: - description: |- - Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. 
- format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' 
- type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. 
- properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' 
- type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. 
- For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. 
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). 
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: |- - Compute Resources required by this container. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. 
- If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - restartPolicy: - description: |- - RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: - this init container will be continually restarted on - exit until all regular containers have terminated. Once all regular - containers have completed, all init containers with restartPolicy "Always" - will be shut down. 
This lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. Although this init - container still starts in the init container sequence, it does not wait - for the container to complete before proceeding to the next init - container. Instead, the next init container starts immediately after this - init container is started, or after any startupProbe has successfully - completed. - type: string - securityContext: - description: |- - SecurityContext defines the security options the container should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. 
- type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. 
- If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. 
- properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. 
- Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: |- - StartupProbe indicates that the Pod has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. 
- format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - stdin: - description: |- - Whether this container should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. - Default is false - type: boolean - terminationMessagePath: - description: |- - Optional: Path at which the file to which the container's termination message - will be written is mounted into the container's filesystem. - Message written is intended to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated. - type: string - terminationMessagePolicy: - description: |- - Indicate how the termination message should be populated. File will use the contents of - terminationMessagePath to populate the container status message on both success and failure. - FallbackToLogsOnError will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - Defaults to File. - Cannot be updated. 
- type: string - tty: - description: |- - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - devicePath - x-kubernetes-list-type: map - volumeMounts: - description: |- - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. 
- - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - mountPath - x-kubernetes-list-type: map - workingDir: - description: |- - Container's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: |- - Labels specifies the labels to attach to all resources the operator - creates for the zookeeper cluster, including StatefulSet, Pod, - PersistentVolumeClaim, Service, ConfigMap, et al. - type: object - maxUnavailableReplicas: - default: 1 - description: |- - MaxUnavailableReplicas defines the - MaxUnavailable Replicas in pdb. - Default is 1. 
- format: int32 - minimum: 1 - type: integer - persistence: - description: |- - Persistence is the configuration for zookeeper persistent layer. - PersistentVolumeClaimSpec and VolumeReclaimPolicy can be specified in here. - At anypoint only one of Persistence or Ephemeral should be present in the manifest - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations specifies the annotations to attach to pvc the operator - creates. - type: object - reclaimPolicy: - description: |- - VolumeReclaimPolicy is a zookeeper operator configuration. If it's set to Delete, - the corresponding PVCs will be deleted by the operator when zookeeper cluster is deleted. - The default value is Retain. - enum: - - Retain - - Delete - type: string - spec: - description: |- - PersistentVolumeClaimSpec is the spec to describe PVC for the container - This field is optional. If no PVC is specified default persistentvolume - will get created. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
- properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
- (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. 
- type: string - type: object - type: object - probes: - description: |- - Probes specifies the timeout values for the Readiness and Liveness Probes - for the zookeeper pods. - properties: - livenessProbe: - properties: - failureThreshold: - format: int32 - minimum: 0 - type: integer - initialDelaySeconds: - format: int32 - minimum: 0 - type: integer - periodSeconds: - format: int32 - minimum: 0 - type: integer - successThreshold: - format: int32 - minimum: 0 - type: integer - timeoutSeconds: - format: int32 - minimum: 0 - type: integer - type: object - readinessProbe: - properties: - failureThreshold: - format: int32 - minimum: 0 - type: integer - initialDelaySeconds: - format: int32 - minimum: 0 - type: integer - periodSeconds: - format: int32 - minimum: 0 - type: integer - successThreshold: - format: int32 - minimum: 0 - type: integer - timeoutSeconds: - format: int32 - minimum: 0 - type: integer - type: object - type: object - readOnlyAcl: - description: |- - ZooKeeper ACL to use when connecting with ZK for reading operations. - This ACL should have READ permission in the given chRoot. - properties: - passwordKey: - description: The name of the key in the given secret that - contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. - type: string - usernameKey: - description: The name of the key in the given secret that - contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - replicas: - default: 3 - description: |- - Number of members to create up for the ZK ensemble - Defaults to 3 - format: int32 - minimum: 1 - type: integer - volumeMounts: - description: VolumeMounts defines to support customized volumeMounts - items: - description: VolumeMount describes a mounting of a Volume - within a container. 
- properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. 
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes defines to support customized volumes - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk - in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in - the blob storage - type: string - fsType: - default: ext4 - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure - managed data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - default: false - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing the - pod field - properties: - fieldRef: - description: 'Required: Selects a field of - the pod: only annotations, labels, name, - namespace and uid are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. The first item of - the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. 
- The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. 
- properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. 
For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
- type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
- If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and then - exposed to the pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' - items: - type: string - type: array - x-kubernetes-list-type: atomic - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to - use for this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds - extra command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. 
This depends on the Flocker - control service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the - specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. 
This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - image: - description: |- - image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. - The volume is resolved at pod startup depending on which PullPolicy value is provided: - - - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - - The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. - A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. - The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
- The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). - The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. - properties: - pullPolicy: - description: |- - Policy for pulling OCI objects. Possible values are: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - type: string - reference: - description: |- - Required: Image or artifact reference to be used. - Behaves in the same way as pod.spec.containers[*].image. - Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - default: default - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - x-kubernetes-list-type: atomic - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: |- - name of the volume. - Must be a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. 
- This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: |- - sources is the list of volume projections. Each entry in this list - handles one source. - items: - description: |- - Projection that may be projected along with other supported volume types. - Exactly one of these fields must be set. - properties: - clusterTrustBundle: - description: |- - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field - of ClusterTrustBundle objects in an auto-updating file. - - Alpha, gated by the ClusterTrustBundleProjection feature gate. - - ClusterTrustBundle objects can either be selected by name, or by the - combination of signer name and a label selector. - - Kubelet performs aggressive normalization of the PEM contents written - into the pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates are deduplicated. - The ordering of certificates within the file is arbitrary, and Kubelet - may change the order over time. - properties: - labelSelector: - description: |- - Select all ClusterTrustBundles that match this label selector. Only has - effect if signerName is set. Mutually-exclusive with name. If unset, - interpreted as "match nothing". If set but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: |- - Select a single ClusterTrustBundle by object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: |- - If true, don't block pod startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the named ClusterTrustBundle is - allowed not to exist. If using signerName, then the combination of - signerName and labelSelector is allowed to match zero - ClusterTrustBundles. - type: boolean - path: - description: Relative path from the volume - root to write the bundle. - type: string - signerName: - description: |- - Select all ClusterTrustBundles that match this signer name. - Mutually-exclusive with name. The contents of all selected - ClusterTrustBundles will be unified and deduplicated. 
- type: string - required: - - path - type: object - configMap: - description: configMap information about the - configMap data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether - the ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about - the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and uid - are supported.' - properties: - apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not - start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
- properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - secret: - description: secret information about the - secret data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional field specify whether - the Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. 
- type: string - required: - - path - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - default: /etc/ceph/keyring - description: |- - keyring is the path to key ring for RBDUser. 
- Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - pool: - default: rbd - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - default: admin - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - default: xfs - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
- type: string - gateway: - description: gateway is the host address of the - ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the - ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL - communication with Gateway, default false - type: boolean - storageMode: - default: ThinProvisioned - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. - type: string - system: - description: system is the name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - optional: - description: optional field specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
- Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated - with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - zookeeperPodPolicy: - description: Customization options for the Zookeeper Pod - properties: - affinity: - description: The scheduling constraints on pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in - the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. 
- items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. 
- properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - description: |- - Annotations specifies the annotations to attach to zookeeper pods - creates. 
- type: object - env: - description: List of environment variables to set in the - main ZK container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
- properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: ImagePullSecrets is a list of references - to secrets in the same namespace to use for pulling - any images - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - labels: - additionalProperties: - type: string - description: |- - Labels specifies the labels to attach to pods the operator creates for - the zookeeper cluster. - type: object - nodeSelector: - additionalProperties: - type: string - description: Node Selector to be added on pods. - type: object - resources: - description: Resources is the resource requirements for - the Zookeeper container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. 
It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - securityContext: - description: |- - SecurityContext specifies the security context for the entire zookeeper pod - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context - properties: - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. 
- The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. 
- format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. 
- properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to - be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- type: string - type: object - type: object - serviceAccountName: - description: Optional Service Account to run the zookeeper - pods under. - type: string - terminationGracePeriodSeconds: - description: |- - TerminationGracePeriodSeconds is the amount of time that kubernetes will - give for a zookeeper pod instance to shutdown normally. - The default value is 30. - format: int64 - minimum: 0 - type: integer - tolerations: - description: Tolerations to be added on pods. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. 
- type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints to apply to the - pods - items: - description: TopologySpreadConstraint specifies how - to spread matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. 
- format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. 
Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - status: - description: SolrCloudStatus defines the observed state of SolrCloud - properties: - backupRepositoriesAvailable: - additionalProperties: - type: boolean - description: BackupRepositoriesAvailable lists the backupRepositories - specified in the SolrCloud and whether they are available across - all Pods. - type: object - backupRestoreReady: - description: |- - BackupRestoreReady announces whether the solrCloud has the backupRestorePVC mounted to all pods - and therefore is ready for backups and restores. - type: boolean - externalCommonAddress: - description: |- - ExternalCommonAddress is the external common http address for all solr nodes. - Will only be provided when an ingressUrl is provided for the cloud - type: string - internalCommonAddress: - description: InternalCommonAddress is the internal common http address - for all solr nodes - type: string - podSelector: - description: PodSelector for SolrCloud pods, required by the HPA - type: string - readyReplicas: - default: 0 - description: ReadyReplicas is the number of ready pods in the cluster - format: int32 - minimum: 0 - type: integer - replicas: - default: 0 - description: Replicas is the number of pods created by the StatefulSet - format: int32 - minimum: 0 - type: integer - solrNodes: - description: SolrNodes contain the statuses of each solr node running - in this solr cloud. 
- items: - description: |- - SolrNodeStatus is the status of a solrNode in the cloud, with readiness status - and internal and external addresses - properties: - externalAddress: - description: |- - An address the node can be connected to from outside of the Kube cluster - Will only be provided when an ingressUrl is provided for the cloud - type: string - internalAddress: - description: An address the node can be connected to from within - the Kube cluster - type: string - name: - description: The name of the pod running the node - type: string - nodeName: - description: The name of the Kubernetes Node which the pod is - running on - type: string - ready: - description: Is the node up and running - type: boolean - scheduledForDeletion: - description: This Solr Node pod is scheduled for deletion - type: boolean - specUpToDate: - description: This Solr Node pod is using the latest version - of solrcloud pod spec. - type: boolean - version: - description: The version of solr that the node is running - type: string - required: - - internalAddress - - name - - nodeName - - ready - - specUpToDate - - version - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - targetVersion: - description: |- - The version of solr that the cloud is meant to be running. - Will only be provided when the cloud is migrating between versions - type: string - upToDateNodes: - default: 0 - description: UpToDateNodes is the number of Solr Node pods that are - running the latest pod spec - format: int32 - minimum: 0 - type: integer - version: - description: The version of solr that the cloud is running - type: string - zookeeperConnectionInfo: - description: ZookeeperConnectionInfo is the information on how to - connect to the used Zookeeper - properties: - acl: - description: |- - ZooKeeper ACL to use when connecting with ZK. - This ACL should have ALL permission in the given chRoot. 
- properties: - passwordKey: - description: The name of the key in the given secret that - contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. - type: string - usernameKey: - description: The name of the key in the given secret that - contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - chroot: - description: The ChRoot to connect solr at - type: string - externalConnectionString: - description: |- - The connection string to connect to the ensemble from outside of the Kubernetes cluster - If external and no internal connection string is provided, the external cnx string will be used as the internal cnx string - type: string - internalConnectionString: - description: The connection string to connect to the ensemble - from within the Kubernetes cluster - type: string - readOnlyAcl: - description: |- - ZooKeeper ACL to use when connecting with ZK for reading operations. - This ACL should have READ permission in the given chRoot. - properties: - passwordKey: - description: The name of the key in the given secret that - contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. 
- type: string - usernameKey: - description: The name of the key in the given secret that - contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - type: object - required: - - internalCommonAddress - - podSelector - - readyReplicas - - replicas - - solrNodes - - upToDateNodes - - version - - zookeeperConnectionInfo - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.podSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.readyReplicas - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - operator.solr.apache.org/version: v0.10.0-prerelease - argocd.argoproj.io/sync-options: Replace=true - controller-gen.kubebuilder.io/version: v0.16.4 - name: solrprometheusexporters.solr.apache.org -spec: - group: solr.apache.org - names: - kind: SolrPrometheusExporter - listKind: SolrPrometheusExporterList - plural: solrprometheusexporters - shortNames: - - solrmetrics - singular: solrprometheusexporter - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Whether the prometheus exporter is ready - jsonPath: .status.ready - name: Ready - type: boolean - - description: Scrape interval for metrics (in ms) - jsonPath: .spec.scrapeInterval - name: Scrape Interval - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: SolrPrometheusExporter is the Schema for the solrprometheusexporters - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SolrPrometheusExporterSpec defines the desired state of SolrPrometheusExporter - properties: - busyBoxImage: - description: |- - An initContainer is needed to create a wrapper script around the exporter entrypoint when TLS is enabled - with the `spec.solrReference.solrTLS.mountedTLSDir` option - properties: - imagePullSecret: - type: string - pullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - repository: - type: string - tag: - type: string - type: object - customKubeOptions: - description: Provide custom options for kubernetes objects created - for the SolrPrometheusExporter. - properties: - configMapOptions: - description: ServiceOptions defines the custom options for the - solrPrometheusExporter ConfigMap. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the ConfigMap. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the ConfigMap. - type: object - providedConfigMap: - description: Name of a user provided ConfigMap in the same - namespace containing a custom solr.xml - type: string - type: object - deploymentOptions: - description: DeploymentOptions defines the custom options for - the solrPrometheusExporter Deployment. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the Deployment. 
- type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the Deployment. - type: object - type: object - podOptions: - description: SolrPodOptions defines the custom options for the - solrPrometheusExporter pods. - properties: - affinity: - description: The scheduling constraints on pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
- type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. 
- format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - description: Annotations to be added for pods. - type: object - containerSecurityContext: - description: ContainerSecurityContext the container-level - security context used by the pod's primary container - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. 
- type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. 
- This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. 
- properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - defaultInitContainerResources: - description: DefaultInitContainerResources are the resource - requirements for the default init container(s) created by - the Solr Operator, if any are created. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - envVars: - description: Additional environment variables to pass to the - default container. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. 
Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: |- - ImagePullSecrets to apply to the pod. - These are for init/sidecarContainers in addition to the imagePullSecret defined for the - solr image. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: |- - Additional init containers to run in the pod. - These will run along with the init container that sets up the "solr.xml". - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: |- - Arguments to the entrypoint. - The container image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. 
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - image: - description: |- - Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. 
- properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. 
- HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. 
- properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: |- - Compute Resources required by this container. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - restartPolicy: - description: |- - RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: - this init container will be continually restarted on - exit until all regular containers have terminated. Once all regular - containers have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. 
Although this init - container still starts in the init container sequence, it does not wait - for the container to complete before proceeding to the next init - container. Instead, the next init container starts immediately after this - init container is started, or after any startupProbe has successfully - completed. - type: string - securityContext: - description: |- - SecurityContext defines the security options the container should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. 
- type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. 
- If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. 
- properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. 
- Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: |- - StartupProbe indicates that the Pod has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. 
- format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - stdin: - description: |- - Whether this container should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. - Default is false - type: boolean - terminationMessagePath: - description: |- - Optional: Path at which the file to which the container's termination message - will be written is mounted into the container's filesystem. - Message written is intended to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated. - type: string - terminationMessagePolicy: - description: |- - Indicate how the termination message should be populated. File will use the contents of - terminationMessagePath to populate the container status message on both success and failure. - FallbackToLogsOnError will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - Defaults to File. - Cannot be updated. 
- type: string - tty: - description: |- - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - devicePath - x-kubernetes-list-type: map - volumeMounts: - description: |- - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. 
- - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - mountPath - x-kubernetes-list-type: map - workingDir: - description: |- - Container's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: Labels to be added for pods. - type: object - lifecycle: - description: Lifecycle for the main container - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. 
- Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request to - perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. 
There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: Liveness probe parameters - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. 
- properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' 
- type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - description: Node Selector to be added for the StatefulSet. - type: object - podSecurityContext: - description: PodSecurityContext is the security context for - the pod. - properties: - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. 
- The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. 
- format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. 
- properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be - set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- type: string - type: object - type: object - priorityClassName: - description: PriorityClassName for the pod - type: string - readinessProbe: - description: Readiness probe parameters - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
- items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resources: - description: Resources is the resource requirements for the - default container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - serviceAccountName: - description: Optional Service Account to run the pod under. - type: string - shareProcessNamespace: - description: Should process namespace sharing be enabled on - created pods - type: boolean - sidecarContainers: - description: Sidecar containers to run in the pod. These are - in addition to the Solr Container - items: - description: A single application container that you want - to run within a pod. - properties: - args: - description: |- - Arguments to the entrypoint. - The container image's CMD is used if this is not provided. 
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. 
If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. 
- items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - image: - description: |- - Container image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. 
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. 
Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. 
- Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port - in a single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". 
- type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. 
- Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: |- - Compute Resources required by this container. 
- Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - restartPolicy: - description: |- - RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: - this init container will be continually restarted on - exit until all regular containers have terminated. Once all regular - containers have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. Although this init - container still starts in the init container sequence, it does not wait - for the container to complete before proceeding to the next init - container. Instead, the next init container starts immediately after this - init container is started, or after any startupProbe has successfully - completed. - type: string - securityContext: - description: |- - SecurityContext defines the security options the container should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. 
- type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. 
- This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. 
- Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. 
- properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: |- - StartupProbe indicates that the Pod has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. 
- type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
- The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - stdin: - description: |- - Whether this container should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. 
- Default is false - type: boolean - terminationMessagePath: - description: |- - Optional: Path at which the file to which the container's termination message - will be written is mounted into the container's filesystem. - Message written is intended to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated. - type: string - terminationMessagePolicy: - description: |- - Indicate how the termination message should be populated. File will use the contents of - terminationMessagePath to populate the container status message on both success and failure. - FallbackToLogsOnError will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - Defaults to File. - Cannot be updated. - type: string - tty: - description: |- - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices - to be used by the container. - items: - description: volumeDevice describes a mapping of a - raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of - the container that the device will be mapped - to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - devicePath - x-kubernetes-list-type: map - volumeMounts: - description: |- - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a - Volume within a container. 
- properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. 
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - mountPath - x-kubernetes-list-type: map - workingDir: - description: |- - Container's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - required: - - name - type: object - type: array - startupProbe: - description: Startup probe parameters - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - default: "" - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. 
- type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
- format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a - TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to - terminate gracefully. - format: int64 - minimum: 10 - type: integer - tolerations: - description: Tolerations to be added for the StatefulSet. 
- items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - Optional PodSpreadTopologyConstraints to use when scheduling pods. - More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - - Note: There is no need to provide a "labelSelector", as the operator will inject the labels for you if not provided. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. 
- properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. 
The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. 
- As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 
- type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. 
- type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: Additional non-data volumes to load into the - default container. - items: - description: AdditionalVolume provides information on additional - volumes that should be loaded into pods - properties: - defaultContainerMount: - description: |- - DefaultContainerMount defines how to mount this volume into the default container. - If this volume is to be used only with sidecar or non-default init containers, - then this option is not necessary. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. 
If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - name: - description: Name of the volume - type: string - source: - description: Source is the source of the Volume to be - loaded into the solrCloud Pod - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. 
- Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data - disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk - in the blob storage - type: string - fsType: - default: ext4 - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - default: false - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to the - pod. 
- properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name and - Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on - the host that shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - path: - description: 'path is Optional: Used as the - mounted root, rather than the full Ceph tree, - default is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that - should populate this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API - about the pod that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API - volume file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. 
- The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. 
- properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. 
For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
- type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query - over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
- If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and - then exposed to the pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - lun: - description: 'lun is Optional: FC target lun - number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' - items: - type: string - type: array - x-kubernetes-list-type: atomic - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver - to use for this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field - holds extra command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. 
This depends - on the Flocker control service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the - dataset. This is unique identifier of a Flocker - dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for - the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. 
This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - image: - description: |- - image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. - The volume is resolved at pod startup depending on which PullPolicy value is provided: - - - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - - The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. - A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. - The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
- The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). - The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. - properties: - pullPolicy: - description: |- - Policy for pulling OCI objects. Possible values are: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - type: string - reference: - description: |- - Required: Image or artifact reference to be used. - Behaves in the same way as pod.spec.containers[*].image. - Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified - Name. - type: string - iscsiInterface: - default: default - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun - number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - x-kubernetes-list-type: atomic - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for - iSCSI target and initiator authentication - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. 
Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. 
- type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets - host machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a - Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: |- - sources is the list of volume projections. 
Each entry in this list - handles one source. - items: - description: |- - Projection that may be projected along with other supported volume types. - Exactly one of these fields must be set. - properties: - clusterTrustBundle: - description: |- - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field - of ClusterTrustBundle objects in an auto-updating file. - - Alpha, gated by the ClusterTrustBundleProjection feature gate. - - ClusterTrustBundle objects can either be selected by name, or by the - combination of signer name and a label selector. - - Kubelet performs aggressive normalization of the PEM contents written - into the pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates are deduplicated. - The ordering of certificates within the file is arbitrary, and Kubelet - may change the order over time. - properties: - labelSelector: - description: |- - Select all ClusterTrustBundles that match this label selector. Only has - effect if signerName is set. Mutually-exclusive with name. If unset, - interpreted as "match nothing". If set but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: |- - Select a single ClusterTrustBundle by object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: |- - If true, don't block pod startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the named ClusterTrustBundle is - allowed not to exist. If using signerName, then the combination of - signerName and labelSelector is allowed to match zero - ClusterTrustBundles. - type: boolean - path: - description: Relative path from the - volume root to write the bundle. - type: string - signerName: - description: |- - Select all ClusterTrustBundles that match this signer name. - Mutually-exclusive with name. The contents of all selected - ClusterTrustBundles will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information about - the configMap data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. 
If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether - the ConfigMap or its keys must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about - the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name, namespace and - uid are supported.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
- properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - secret: - description: secret information about - the secret data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional field specify - whether the Secret or its key must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to - project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. 
- type: string - required: - - path - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - default: /etc/ceph/keyring - description: |- - keyring is the path to key ring for RBDUser. 
- Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - pool: - default: rbd - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - default: admin - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - default: xfs - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". 
- type: string - gateway: - description: gateway is the host address of - the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of - the ScaleIO Protection Domain for the configured - storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default false - type: boolean - storageMode: - default: ThinProvisioned - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. - type: string - system: - description: system is the name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - optional: - description: optional field specify whether - the Secret or its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
- Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile ID - associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - type: object - required: - - name - - source - type: object - type: array - type: object - serviceOptions: - description: ServiceOptions defines the custom options for the - solrPrometheusExporter Service. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added for the Service. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added for the Service. - type: object - type: object - type: object - exporterEntrypoint: - description: The entrypoint into the exporter. Defaults to the official - docker-solr location. - type: string - image: - description: Image of Solr Prometheus Exporter to run. 
- properties: - imagePullSecret: - type: string - pullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - repository: - type: string - tag: - type: string - type: object - metricsConfig: - description: The xml config for the metrics - type: string - numThreads: - description: |- - Number of threads to use for the prometheus exporter - Defaults to 1 - format: int32 - type: integer - restartSchedule: - description: |- - Perform a scheduled restart on the given schedule, in CRON format. - - Multiple CRON syntaxes are supported - - Standard CRON (e.g. "CRON_TZ=Asia/Seoul 0 6 * * ?") - - Predefined Schedules (e.g. "@yearly", "@weekly", etc.) - - Intervals (e.g. "@every 10h30m") - - For more information please check this reference: - https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format - type: string - scrapeInterval: - description: |- - The interval to scrape Solr at (in seconds) - Defaults to 60 seconds - format: int32 - type: integer - solrReference: - description: Reference of the Solr instance to collect metrics for - properties: - basicAuthSecret: - description: |- - If Solr is secured, you'll need to provide credentials for the Prometheus exporter to authenticate via a - kubernetes.io/basic-auth secret which must contain a username and password. If basic auth is enabled on the - SolrCloud instance, the default secret (unless you are supplying your own) is named using the pattern: - -solrcloud-basic-auth. If using the security.json bootstrapped by the Solr operator, - then the username is "k8s-oper". 
- type: string - cloud: - description: Reference of a solrCloud instance - properties: - name: - description: The name of a solr cloud running within the kubernetes - cluster - type: string - namespace: - description: The namespace of a solr cloud running within - the kubernetes cluster - type: string - zkConnectionInfo: - description: The ZK Connection information for a cloud, could - be used for solr's running outside of the kube cluster - properties: - acl: - description: |- - ZooKeeper ACL to use when connecting with ZK. - This ACL should have ALL permission in the given chRoot. - properties: - passwordKey: - description: The name of the key in the given secret - that contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. - type: string - usernameKey: - description: The name of the key in the given secret - that contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - chroot: - description: The ChRoot to connect solr at - type: string - externalConnectionString: - description: |- - The connection string to connect to the ensemble from outside of the Kubernetes cluster - If external and no internal connection string is provided, the external cnx string will be used as the internal cnx string - type: string - internalConnectionString: - description: The connection string to connect to the ensemble - from within the Kubernetes cluster - type: string - readOnlyAcl: - description: |- - ZooKeeper ACL to use when connecting with ZK for reading operations. - This ACL should have READ permission in the given chRoot. 
- properties: - passwordKey: - description: The name of the key in the given secret - that contains the ACL password - type: string - secret: - description: |- - The name of the Kubernetes Secret that stores the username and password for the ACL. - This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. - type: string - usernameKey: - description: The name of the key in the given secret - that contains the ACL username - type: string - required: - - passwordKey - - secret - - usernameKey - type: object - type: object - type: object - solrTLS: - description: Settings to configure the SolrJ client used to request - metrics from TLS enabled Solr pods - properties: - checkPeerName: - description: TLS certificates contain host/ip "peer name" - information that is validated by default. - type: boolean - clientAuth: - default: None - description: |- - Determines the client authentication method, either None, Want, or Need; - this affects K8s ability to call liveness / readiness probes so use cautiously. - Only applies for server certificates, has no effect on client certificates - enum: - - None - - Want - - Need - type: string - keyStorePasswordSecret: - description: Secret containing the key store password; this - field is required unless mountedTLSDir is used, as most - JVMs do not support pkcs12 keystores without a password - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - mountedTLSDir: - description: |- - Used to specify a path where the keystore, truststore, and password files for the TLS certificate are mounted by an external agent or CSI driver. - This option is typically used with `spec.updateStrategy.restartSchedule` to restart Solr pods before the mounted TLS cert expires. - properties: - keystoreFile: - description: |- - Override the name of the keystore file; no default, if you don't supply this setting, then the corresponding - env vars and Java system properties will not be configured for the pod template - type: string - keystorePassword: - description: Set the password of the keystore explicitly. - Cannot be used with "keystorePasswordFile" - type: string - keystorePasswordFile: - description: Override the name of the keystore password - file; defaults to keystore-password, if "keystorePassword" - is not provided. - type: string - path: - description: The path on the main Solr container where - the TLS files are mounted by some external agent or - CSI Driver - type: string - truststoreFile: - description: |- - Override the name of the truststore file; no default, if you don't supply this setting, then the corresponding - env vars and Java system properties will not be configured for the pod template - type: string - truststorePassword: - description: Set the password of the truststore explicitly. - If "keystorePassword" is provided, and "truststorePasswordFile" - is not, this will be defaulted to "keystorePassword". - type: string - truststorePasswordFile: - description: Override the name of the truststore password - file; defaults to the same value as the KeystorePasswordFile, - if "truststorePassword" is not provided. 
- type: string - required: - - path - type: object - pkcs12Secret: - description: TLS Secret containing a pkcs12 keystore; required - for Solr pods unless mountedTLSDir is used - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - restartOnTLSSecretUpdate: - description: |- - Opt-in flag to restart Solr pods after TLS secret updates, such as if the cert is renewed; default is false. - This option only applies when using the `spec.solrTLS.pkcs12Secret` option; when using the `spec.solrTLS.mountedTLSDir` option, - you need to ensure pods get restarted before the certs expire, see `spec.updateStrategy.restartSchedule` for scheduling restarts. - type: boolean - trustStorePasswordSecret: - description: Secret containing the trust store password; if - not provided the keyStorePassword will be used - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - trustStoreSecret: - description: |- - TLS Secret containing a pkcs12 truststore; if not provided, then the keystore and password are used for the truststore - The specified key is used as the truststore file name when mounted into Solr pods - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - verifyClientHostname: - description: |- - Verify client's hostname during SSL handshake - Only applies for server configuration - type: boolean - type: object - standalone: - description: Reference of a standalone solr instance - properties: - address: - description: The address of the standalone solr - type: string - required: - - address - type: object - type: object - required: - - solrReference - type: object - status: - description: SolrPrometheusExporterStatus defines the observed state of - SolrPrometheusExporter - properties: - ready: - description: Is the prometheus exporter up and running - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + operator.solr.apache.org/version: 
v0.10.0-prerelease + argocd.argoproj.io/sync-options: Replace=true + controller-gen.kubebuilder.io/version: v0.16.4 + name: solrbackups.solr.apache.org +spec: + group: solr.apache.org + names: + kind: SolrBackup + listKind: SolrBackupList + plural: solrbackups + singular: solrbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Solr Cloud + jsonPath: .spec.solrCloud + name: Cloud + type: string + - description: Most recent time the backup started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Whether the most recent backup has finished + jsonPath: .status.finished + name: Finished + type: boolean + - description: Whether the most recent backup was successful + jsonPath: .status.successful + name: Successful + type: boolean + - description: Next scheduled time for a recurrent backup + format: date-time + jsonPath: .status.nextScheduledTime + name: NextBackup + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SolrBackup is the Schema for the solrbackups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SolrBackupSpec defines the desired state of SolrBackup + properties: + collections: + description: The list of collections to backup. + items: + type: string + type: array + location: + description: The location to store the backup in the specified backup + repository. + type: string + recurrence: + description: |- + Set this backup to be taken recurrently, with options for scheduling and storage. + + NOTE: This is only supported for Solr Clouds version 8.9+, as it uses the incremental backup API. + properties: + disabled: + default: false + description: Disable the recurring backups. Note this will not + affect any currently-running backup. + type: boolean + maxSaved: + default: 5 + description: |- + Define the number of backup points to save for this backup at any given time. + The oldest backups will be deleted if too many exist when a backup is taken. + If not provided, this defaults to 5. + minimum: 1 + type: integer + schedule: + description: |- + Perform a backup on the given schedule, in CRON format. + + Multiple CRON syntaxes are supported + - Standard CRON (e.g. "CRON_TZ=Asia/Seoul 0 6 * * ?") + - Predefined Schedules (e.g. "@yearly", "@weekly", "@daily", etc.) + - Intervals (e.g. "@every 10h30m") + + For more information please check this reference: + https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format + type: string + required: + - schedule + type: object + repositoryName: + description: |- + The name of the repository to use for the backup. Defaults to "legacy_local_repository" if not specified (the + auto-configured repository for legacy singleton volumes). + maxLength: 100 + minLength: 1 + pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?' 
+ type: string + solrCloud: + description: A reference to the SolrCloud to create a backup for + maxLength: 63 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + required: + - solrCloud + type: object + status: + description: SolrBackupStatus defines the observed state of SolrBackup + properties: + collectionBackupStatuses: + description: The status of each collection's backup progress + items: + description: CollectionBackupStatus defines the progress of a Solr + Collection's backup + properties: + asyncBackupStatus: + description: The status of the asynchronous backup call to solr + type: string + backupName: + description: BackupName of this collection's backup in Solr + type: string + collection: + description: Solr Collection name + type: string + finishTimestamp: + description: Time that the collection backup finished at + format: date-time + type: string + finished: + description: Whether the backup has finished + type: boolean + inProgress: + description: Whether the collection is being backed up + type: boolean + startTimestamp: + description: Time that the collection backup started at + format: date-time + type: string + successful: + description: Whether the backup was successful + type: boolean + required: + - collection + type: object + type: array + finishTimestamp: + description: The time that this backup was finished + format: date-time + type: string + finished: + description: Whether the backup has finished + type: boolean + history: + description: The status history of recurring backups + items: + description: IndividualSolrBackupStatus defines the observed state + of a single issued SolrBackup + properties: + collectionBackupStatuses: + description: The status of each collection's backup progress + items: + description: CollectionBackupStatus defines the progress of + a Solr Collection's backup + properties: + asyncBackupStatus: + description: The status of the asynchronous backup call + to solr + type: string + 
backupName: + description: BackupName of this collection's backup in + Solr + type: string + collection: + description: Solr Collection name + type: string + finishTimestamp: + description: Time that the collection backup finished + at + format: date-time + type: string + finished: + description: Whether the backup has finished + type: boolean + inProgress: + description: Whether the collection is being backed up + type: boolean + startTimestamp: + description: Time that the collection backup started at + format: date-time + type: string + successful: + description: Whether the backup was successful + type: boolean + required: + - collection + type: object + type: array + finishTimestamp: + description: The time that this backup was finished + format: date-time + type: string + finished: + description: Whether the backup has finished + type: boolean + solrVersion: + description: Version of the Solr being backed up + type: string + startTimestamp: + description: The time that this backup was initiated + format: date-time + type: string + successful: + description: Whether the backup was successful + type: boolean + type: object + type: array + nextScheduledTime: + description: The scheduled time for the next backup to occur + format: date-time + type: string + solrVersion: + description: Version of the Solr being backed up + type: string + startTimestamp: + description: The time that this backup was initiated + format: date-time + type: string + successful: + description: Whether the backup was successful + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + operator.solr.apache.org/version: v0.10.0-prerelease + argocd.argoproj.io/sync-options: Replace=true + controller-gen.kubebuilder.io/version: v0.16.4 + name: solrclouds.solr.apache.org +spec: + group: solr.apache.org + names: + kind: SolrCloud + listKind: 
SolrCloudList + plural: solrclouds + shortNames: + - solr + singular: solrcloud + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Solr Version of the cloud + jsonPath: .status.version + name: Version + type: string + - description: Target Solr Version of the cloud + jsonPath: .status.targetVersion + name: TargetVersion + type: string + - description: Number of solr nodes configured to run in the cloud + jsonPath: .spec.replicas + name: DesiredNodes + type: integer + - description: Number of solr nodes running + jsonPath: .status.replicas + name: Nodes + type: integer + - description: Number of solr nodes connected to the cloud + jsonPath: .status.readyReplicas + name: ReadyNodes + type: integer + - description: Number of solr nodes running the latest SolrCloud pod spec + jsonPath: .status.upToDateNodes + name: UpToDateNodes + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SolrCloud is the Schema for the solrclouds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SolrCloudSpec defines the desired state of SolrCloud + properties: + additionalLibs: + description: |- + List of paths in the Solr Docker image to load in the classpath. 
+ Note: Solr Modules will be auto-loaded if specified in the "solrModules" property. There is no need to specify them here as well. + items: + type: string + type: array + availability: + description: Define how Solr nodes should be available. + properties: + podDisruptionBudget: + description: Define PodDisruptionBudget(s) to ensure availability + of Solr + properties: + enabled: + default: true + description: What method should be used when creating PodDisruptionBudget(s) + type: boolean + method: + default: ClusterWide + description: What method should be used when creating PodDisruptionBudget(s) + enum: + - ClusterWide + type: string + required: + - enabled + type: object + type: object + backupRepositories: + description: Allows specification of multiple different "repositories" + for Solr to use when backing up data. + items: + maxProperties: 2 + minProperties: 2 + properties: + gcs: + description: A GCSRepository for Solr to use when backing up + and restoring collections. + properties: + baseLocation: + description: An already-created chroot within the bucket + to store data in. Defaults to the root path "/" if not + specified. + type: string + bucket: + description: The name of the GCS bucket that all backup + data will be stored in + type: string + gcsCredentialSecret: + description: |- + The name & key of a Kubernetes secret holding a Google cloud service account key. Must be set unless deployed in + GKE and making use of Google's "Workplace Identity" feature. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - bucket + type: object + name: + description: |- + A name used to identify this local storage profile. Values should follow RFC-1123. (See here for more details: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names) + maxLength: 100 + minLength: 1 + pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?' + type: string + s3: + description: An S3Repository for Solr to use when backing up + and restoring collections. + properties: + baseLocation: + description: An already-created chroot within the bucket + to store data in. Defaults to the root path "/" if not + specified. + type: string + bucket: + description: The name of the S3 bucket that all backup data + will be stored in + type: string + credentials: + description: |- + Options for specifying S3Credentials. This is optional in case you want to mount this information yourself. + However, if you do not include these credentials, and you do not load them yourself via a mount or EnvVars, + you will likely see errors when taking s3 backups. + + If running in EKS, you can create an IAMServiceAccount that uses a role permissioned for this S3 bucket. + Then use that serviceAccountName for your SolrCloud, and the credentials should be auto-populated. + properties: + accessKeyIdSecret: + description: The name & key of a Kubernetes secret holding + an AWS Access Key ID + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFileSecret: + description: The name & key of a Kubernetes secret holding + an AWS credentials file + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secretAccessKeySecret: + description: The name & key of a Kubernetes secret holding + an AWS Secret Access Key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + description: The name & key of a Kubernetes secret holding + an AWS Session Token + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + description: The full endpoint URL to use when connecting + with S3 (or a supported S3 compatible interface) + type: string + proxyUrl: + description: The full proxy URL to use when connecting with + S3 + type: string + region: + description: The S3 region to store the backup data in + type: string + required: + - bucket + - region + type: object + volume: + description: Allows specification of a "repository" for Solr + to use when backing up data "locally". + properties: + directory: + description: |- + Select a custom directory name to mount the backup/restore data in the given volume. + If not specified, then the name of the solrcloud will be used by default. + type: string + source: + description: |- + This is a volumeSource for a volume that will be mounted to all solrNodes to store backups and load restores. + The data within the volume will be namespaced for this instance, so feel free to use the same volume for multiple clouds. 
+ Since the volume will be mounted to all solrNodes, it must be able to be written from multiple pods. + If a PVC reference is given, the PVC must have `accessModes: - ReadWriteMany`. + Other options are to use a NFS volume. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. 
Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + type: object + required: + - source + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + busyBoxImage: + description: |- + ContainerImage defines the fields needed for a Docker repository image. The + format here matches the predominant format used in Helm charts. + properties: + imagePullSecret: + type: string + pullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + repository: + type: string + tag: + type: string + type: object + customSolrKubeOptions: + description: Provide custom options for kubernetes objects created + for the Solr Cloud. + properties: + commonServiceOptions: + description: CommonServiceOptions defines the custom options for + the common solrCloud Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the Service. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the Service. + type: object + type: object + configMapOptions: + description: ServiceOptions defines the custom options for the + solrCloud ConfigMap. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the ConfigMap. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the ConfigMap. + type: object + providedConfigMap: + description: Name of a user provided ConfigMap in the same + namespace containing a custom solr.xml + type: string + type: object + headlessServiceOptions: + description: HeadlessServiceOptions defines the custom options + for the headless solrCloud Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the Service. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the Service. + type: object + type: object + ingressOptions: + description: IngressOptions defines the custom options for the + solrCloud Ingress. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the Ingress. + type: object + ingressClassName: + description: |- + IngressClassName is the name of the IngressClass cluster resource. The + associated IngressClass defines which controller will implement the resource. + maxLength: 63 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + labels: + additionalProperties: + type: string + description: Labels to be added for the Ingress. + type: object + type: object + nodeServiceOptions: + description: |- + NodeServiceOptions defines the custom options for the individual solrCloud Node services, if they are created. 
+ These services will only be created when exposing SolrNodes externally via an Ingress in the AddressabilityOptions. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the Service. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the Service. + type: object + type: object + podOptions: + description: SolrPodOptions defines the custom options for solrCloud + pods. + properties: + affinity: + description: The scheduling constraints on pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations to be added for pods. + type: object + containerSecurityContext: + description: ContainerSecurityContext the container-level + security context used by the pod's primary container + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + defaultInitContainerResources: + description: DefaultInitContainerResources are the resource + requirements for the default init container(s) created by + the Solr Operator, if any are created. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + envVars: + description: Additional environment variables to pass to the + default container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: |- + ImagePullSecrets to apply to the pod. + These are for init/sidecarContainers in addition to the imagePullSecret defined for the + solr image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + Additional init containers to run in the pod. + These will run along with the init container that sets up the "solr.xml". + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. 
+ properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. 
Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. 
+ + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels to be added for pods. + type: object + lifecycle: + description: Lifecycle for the main container + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. 
+ Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Liveness probe parameters + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: Node Selector to be added for the StatefulSet. + type: object + podSecurityContext: + description: PodSecurityContext is the security context for + the pod. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. 
+ The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + priorityClassName: + description: PriorityClassName for the pod + type: string + readinessProbe: + description: Readiness probe parameters + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resources is the resource requirements for the + default container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccountName: + description: Optional Service Account to run the pod under. + type: string + shareProcessNamespace: + description: Should process namespace sharing be enabled on + created pods + type: boolean + sidecarContainers: + description: Sidecar containers to run in the pod. These are + in addition to the Solr Container + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. 
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. 
+ items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. 
Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. 
+ Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. 
+ Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. 
+ Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. 
+ properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. 
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + startupProbe: + description: Startup probe parameters + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. + format: int64 + minimum: 10 + type: integer + tolerations: + description: Tolerations to be added for the StatefulSet. 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + Optional PodSpreadTopologyConstraints to use when scheduling pods. + More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + + Note: There is no need to provide a "labelSelector", as the operator will inject the labels for you if not provided. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. 
The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 
+ type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: Additional non-data volumes to load into the + default container. + items: + description: AdditionalVolume provides information on additional + volumes that should be loaded into pods + properties: + defaultContainerMount: + description: |- + DefaultContainerMount defines how to mount this volume into the default container. + If this volume is to be used only with sidecar or non-default init containers, + then this option is not necessary. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. 
If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + name: + description: Name of the volume + type: string + source: + description: Source is the source of the Volume to be + loaded into the solrCloud Pod + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. 
+ Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to the + pod. 
+ properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name and + Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on + the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph tree, + default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and + then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. 
This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a Flocker + dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for + iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets + host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a + Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. 
Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of + the ScaleIO Protection Domain for the configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + type: object + required: + - name + - source + type: object + type: array + type: object + statefulSetOptions: + description: StatefulSetOptions defines the custom options for + the solrCloud StatefulSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the StatefulSet. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the StatefulSet. + type: object + podManagementPolicy: + description: |- + PodManagementPolicy defines the policy for creating pods under a stateful set. + Override the default value of Parallel. + This cannot be updated on an existing StatefulSet, the StatefulSet must be deleted and recreated for a change in this field to take effect. + enum: + - OrderedReady + - Parallel + type: string + type: object + type: object + dataStorage: + description: |- + Customize how the cloud data is stored. 
+ If neither "persistent" or "ephemeral" is provided, then ephemeral storage will be used by default. + properties: + ephemeral: + description: |- + EphemeralStorage is the specification for how the ephemeral Solr data storage should be configured. + + This option cannot be used with the "persistent" option. + Ephemeral storage is used by default if neither "persistent" or "ephemeral" is provided. + properties: + emptyDir: + description: EmptyDirVolumeSource is an optional config for + the emptydir volume that will store Solr data. + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + description: |- + HostPathVolumeSource is an optional config to specify a path on the host machine to store Solr data. + + If hostPath is omitted, then the default EmptyDir is used, otherwise hostPath takes precedence over EmptyDir. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + type: object + persistent: + description: |- + PersistentStorage is the specification for how the persistent Solr data storage should be configured. + + This option cannot be used with the "ephemeral" option. + properties: + pvcTemplate: + description: |- + PersistentVolumeClaimTemplate is the PVC object for the solr node to store its data. + Within metadata, the Name, Labels and Annotations are able to be specified, but defaults will be provided if necessary. + The entire Spec is customizable, however there will be defaults provided if necessary. + This field is optional. If no PVC spec is provided, then a default will be provided. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. 
Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + type: object + reclaimPolicy: + description: |- + VolumeReclaimPolicy determines how the Solr Cloud's PVCs will be treated after the cloud is deleted. + - Retain: This is the default Kubernetes policy, where PVCs created for StatefulSets are not deleted when the StatefulSet is deleted. + - Delete: The PVCs will be deleted by the Solr Operator after the SolrCloud object is deleted. 
+ The default value is Retain, so no data will be deleted unless explicitly configured. + enum: + - Retain + - Delete + type: string + type: object + type: object + replicas: + description: The number of solr nodes to run + format: int32 + type: integer + scaling: + description: Configure how Solr nodes should be scaled. + properties: + populatePodsOnScaleUp: + default: true + description: |- + PopulatePodsOnScaleUp determines whether Solr replicas should be moved to newly-created Pods that have been + created due to the SolrCloud scaling up. + + This feature is only available to users using Solr 9.3 or newer. + If this is set to "true" for a cloud that is running an unsupported version of Solr, the replicas will not be moved. + type: boolean + vacatePodsOnScaleDown: + default: true + description: |- + VacatePodsOnScaleDown determines whether Solr replicas are moved off of a Pod before the Pod is + deleted due to the SolrCloud scaling down. + type: boolean + type: object + solrAddressability: + description: Customize how Solr is addressed both internally and externally + in Kubernetes. + properties: + commonServicePort: + description: |- + CommonServicePort defines the port to have the common Solr service listen on. + Defaults to 80 (when not using TLS) or 443 (when using TLS) + type: integer + external: + description: |- + External defines the way in which this SolrCloud nodes should be made addressable externally, from outside the Kubernetes cluster. + If none is provided, the Solr Cloud will not be made addressable externally. + properties: + additionalDomainNames: + description: |- + Provide additional domainNames that the Ingress or ExternalDNS should listen on. + This option is ignored with the LoadBalancer method. + items: + type: string + type: array + domainName: + description: |- + Override the domainName provided as startup parameters to the operator, used by ingresses and externalDNS. 
+ The common and/or node services will be addressable by unique names under the given domain. + e.g. given.domain.name.com -> default-example-solrcloud.given.domain.name.com + + For the LoadBalancer method, this field is optional and will only be used when useExternalAddress=true. + If used with the LoadBalancer method, you will need DNS routing to the LoadBalancer IP address through the url template given above. + type: string + hideCommon: + description: |- + Do not expose the common Solr service externally. This affects a single service. + Defaults to false. + type: boolean + hideNodes: + description: |- + Do not expose each of the Solr Node services externally. + The number of services this affects could range from 1 (a headless service for ExternalDNS) to the number of Solr pods your cloud contains (individual node services for Ingress/LoadBalancer). + Defaults to false. + type: boolean + ingressTLSTermination: + description: |- + IngressTLSTermination tells the SolrCloud Ingress to terminate TLS on incoming connections. + + This is option is only available when Method=Ingress, because ExternalDNS and LoadBalancer Services do not support TLS termination. + This option is also unavailable when the SolrCloud has TLS enabled via `spec.solrTLS`, in this case the Ingress cannot terminate TLS before reaching Solr. + + When using this option, the UseExternalAddress option will be disabled, since Solr cannot be running in HTTP mode and making internal requests in HTTPS. + maxProperties: 1 + properties: + tlsSecret: + description: TLSSecret defines a TLS Secret to use for + TLS termination of all exposed addresses for this SolrCloud + in the Ingress. + type: string + useDefaultTLSSecret: + description: |- + UseDefaultTLSSecret determines whether the ingress should use the default TLS secret provided by the Ingress implementation. 
+ + For example, using nginx: https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate + type: boolean + type: object + method: + description: The way in which this SolrCloud's service(s) + should be made addressable externally. + enum: + - Ingress + - ExternalDNS + type: string + nodePortOverride: + description: |- + NodePortOverride defines the port to have all Solr node service(s) listen on and advertise itself as if advertising through an Ingress or LoadBalancer. + This overrides the default usage of the podPort. + + This is option is only used when HideNodes=false, otherwise the the port each Solr Node will advertise itself with the podPort. + This option is also unavailable with the ExternalDNS method. + + If using method=Ingress, your ingress controller is required to listen on this port. + If your ingress controller is not listening on the podPort, then this option is required for solr to be addressable via an Ingress. + + Defaults to 80 (without TLS) or 443 (with TLS) if HideNodes=false and method=Ingress, otherwise this is optional. + type: integer + useExternalAddress: + description: |- + Use the external address to advertise the SolrNode, defaults to false. + + If false, the external address will be available, however Solr (and clients using the CloudSolrClient in SolrJ) will only be aware of the internal URLs. + If true, Solr will startup with the hostname of the external address. + + NOTE: This option cannot be true when hideNodes is set to true. So it will be auto-set to false if that is the case. + type: boolean + required: + - domainName + - method + type: object + kubeDomain: + description: |- + KubeDomain allows for the specification of an override of the default "cluster.local" Kubernetes cluster domain. + Only use this option if the Kubernetes cluster has been setup with a custom domain. + type: string + podPort: + description: |- + PodPort defines the port to have the Solr Pod listen on. 
+ Defaults to 8983 + type: integer + type: object + solrClientTLS: + description: Options to configure client TLS certificate for Solr + pods + properties: + checkPeerName: + description: TLS certificates contain host/ip "peer name" information + that is validated by default. + type: boolean + clientAuth: + default: None + description: |- + Determines the client authentication method, either None, Want, or Need; + this affects K8s ability to call liveness / readiness probes so use cautiously. + Only applies for server certificates, has no effect on client certificates + enum: + - None + - Want + - Need + type: string + keyStorePasswordSecret: + description: Secret containing the key store password; this field + is required unless mountedTLSDir is used, as most JVMs do not + support pkcs12 keystores without a password + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + mountedTLSDir: + description: |- + Used to specify a path where the keystore, truststore, and password files for the TLS certificate are mounted by an external agent or CSI driver. + This option is typically used with `spec.updateStrategy.restartSchedule` to restart Solr pods before the mounted TLS cert expires. 
+ properties: + keystoreFile: + description: |- + Override the name of the keystore file; no default, if you don't supply this setting, then the corresponding + env vars and Java system properties will not be configured for the pod template + type: string + keystorePassword: + description: Set the password of the keystore explicitly. + Cannot be used with "keystorePasswordFile" + type: string + keystorePasswordFile: + description: Override the name of the keystore password file; + defaults to keystore-password, if "keystorePassword" is + not provided. + type: string + path: + description: The path on the main Solr container where the + TLS files are mounted by some external agent or CSI Driver + type: string + truststoreFile: + description: |- + Override the name of the truststore file; no default, if you don't supply this setting, then the corresponding + env vars and Java system properties will not be configured for the pod template + type: string + truststorePassword: + description: Set the password of the truststore explicitly. + If "keystorePassword" is provided, and "truststorePasswordFile" + is not, this will be defaulted to "keystorePassword". + type: string + truststorePasswordFile: + description: Override the name of the truststore password + file; defaults to the same value as the KeystorePasswordFile, + if "truststorePassword" is not provided. + type: string + required: + - path + type: object + pkcs12Secret: + description: TLS Secret containing a pkcs12 keystore; required + for Solr pods unless mountedTLSDir is used + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + restartOnTLSSecretUpdate: + description: |- + Opt-in flag to restart Solr pods after TLS secret updates, such as if the cert is renewed; default is false. + This option only applies when using the `spec.solrTLS.pkcs12Secret` option; when using the `spec.solrTLS.mountedTLSDir` option, + you need to ensure pods get restarted before the certs expire, see `spec.updateStrategy.restartSchedule` for scheduling restarts. + type: boolean + trustStorePasswordSecret: + description: Secret containing the trust store password; if not + provided the keyStorePassword will be used + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + trustStoreSecret: + description: |- + TLS Secret containing a pkcs12 truststore; if not provided, then the keystore and password are used for the truststore + The specified key is used as the truststore file name when mounted into Solr pods + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + verifyClientHostname: + description: |- + Verify client's hostname during SSL handshake + Only applies for server configuration + type: boolean + type: object + solrGCTune: + description: Set GC Tuning configuration through GC_TUNE environment + variable + type: string + solrImage: + description: |- + ContainerImage defines the fields needed for a Docker repository image. The + format here matches the predominant format used in Helm charts. + properties: + imagePullSecret: + type: string + pullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + repository: + type: string + tag: + type: string + type: object + solrJavaMem: + type: string + solrLogLevel: + description: Set the Solr Log level, defaults to INFO + type: string + solrModules: + description: |- + List of Solr Modules to be loaded when starting Solr + Note: You do not need to specify a module if it is required by another property (e.g. backupRepositories[].gcs) + items: + type: string + type: array + solrOpts: + description: |- + You can add common system properties to the SOLR_OPTS environment variable + SolrOpts is the string interface for these optional settings + type: string + solrSecurity: + description: Options to enable Solr security + properties: + authenticationType: + description: |- + Indicates the authentication plugin type that is being used by Solr; for now only "Basic" is supported by the + Solr operator but support for other authentication plugins may be added in the future. 
+ enum: + - Basic + type: string + basicAuthSecret: + description: |- + Secret (kubernetes.io/basic-auth) containing credentials the operator should use for API requests to secure Solr pods. + If you provide this secret, then the operator assumes you've also configured your own security.json file and + uploaded it to Solr. If you change the password for this user using the Solr security API, then you *must* update + the secret with the new password or the operator will be locked out of Solr and API requests will fail, + ultimately causing a CrashBackoffLoop for all pods if probe endpoints are secured (see 'probesRequireAuth' setting). + + If you don't supply this secret, then the operator creates a kubernetes.io/basic-auth secret containing the password + for the "k8s-oper" user. All API requests from the operator are made as the "k8s-oper" user, which is configured + with read-only access to a minimal set of endpoints. In addition, the operator bootstraps a default security.json + file and credentials for two additional users: admin and solr. The 'solr' user has basic read access to Solr + resources. Once the security.json is bootstrapped, the operator will not update it! You're expected to use the + 'admin' user to access the Security API to make further changes. It's strictly a bootstrapping operation. + type: string + bootstrapSecurityJson: + description: |- + Configure a user-provided security.json from a secret to allow for advanced security config. + If not specified, the operator bootstraps a security.json with basic auth enabled. + This is a bootstrapping config only; once Solr is initialized, the security config should be managed by the security API. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + probesRequireAuth: + description: |- + Flag to indicate if the configured HTTP endpoint(s) used for the probes require authentication; defaults + to false. If you set to true, then probes will use a local command on the main container to hit the secured + endpoints with credentials sourced from an env var instead of HTTP directly. + type: boolean + type: object + solrTLS: + description: Options to enable the server TLS certificate for Solr + pods + properties: + checkPeerName: + description: TLS certificates contain host/ip "peer name" information + that is validated by default. + type: boolean + clientAuth: + default: None + description: |- + Determines the client authentication method, either None, Want, or Need; + this affects K8s ability to call liveness / readiness probes so use cautiously. + Only applies for server certificates, has no effect on client certificates + enum: + - None + - Want + - Need + type: string + keyStorePasswordSecret: + description: Secret containing the key store password; this field + is required unless mountedTLSDir is used, as most JVMs do not + support pkcs12 keystores without a password + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + mountedTLSDir: + description: |- + Used to specify a path where the keystore, truststore, and password files for the TLS certificate are mounted by an external agent or CSI driver. + This option is typically used with `spec.updateStrategy.restartSchedule` to restart Solr pods before the mounted TLS cert expires. + properties: + keystoreFile: + description: |- + Override the name of the keystore file; no default, if you don't supply this setting, then the corresponding + env vars and Java system properties will not be configured for the pod template + type: string + keystorePassword: + description: Set the password of the keystore explicitly. + Cannot be used with "keystorePasswordFile" + type: string + keystorePasswordFile: + description: Override the name of the keystore password file; + defaults to keystore-password, if "keystorePassword" is + not provided. + type: string + path: + description: The path on the main Solr container where the + TLS files are mounted by some external agent or CSI Driver + type: string + truststoreFile: + description: |- + Override the name of the truststore file; no default, if you don't supply this setting, then the corresponding + env vars and Java system properties will not be configured for the pod template + type: string + truststorePassword: + description: Set the password of the truststore explicitly. + If "keystorePassword" is provided, and "truststorePasswordFile" + is not, this will be defaulted to "keystorePassword". + type: string + truststorePasswordFile: + description: Override the name of the truststore password + file; defaults to the same value as the KeystorePasswordFile, + if "truststorePassword" is not provided. 
+ type: string + required: + - path + type: object + pkcs12Secret: + description: TLS Secret containing a pkcs12 keystore; required + for Solr pods unless mountedTLSDir is used + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + restartOnTLSSecretUpdate: + description: |- + Opt-in flag to restart Solr pods after TLS secret updates, such as if the cert is renewed; default is false. + This option only applies when using the `spec.solrTLS.pkcs12Secret` option; when using the `spec.solrTLS.mountedTLSDir` option, + you need to ensure pods get restarted before the certs expire, see `spec.updateStrategy.restartSchedule` for scheduling restarts. + type: boolean + trustStorePasswordSecret: + description: Secret containing the trust store password; if not + provided the keyStorePassword will be used + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + trustStoreSecret: + description: |- + TLS Secret containing a pkcs12 truststore; if not provided, then the keystore and password are used for the truststore + The specified key is used as the truststore file name when mounted into Solr pods + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + verifyClientHostname: + description: |- + Verify client's hostname during SSL handshake + Only applies for server configuration + type: boolean + type: object + solrZkOpts: + description: |- + This will add java system properties for connecting to Zookeeper. + SolrZkOpts is the string interface for these optional settings + type: string + updateStrategy: + description: Define how Solr rolling updates are executed. + properties: + managed: + description: Options for Solr Operator Managed rolling updates. + properties: + maxPodsUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of the desired number of pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. 
+ If the provided number is 0 or negative, then all pods will be allowed to be updated in unison. + + Defaults to 25%. + x-kubernetes-int-or-string: true + maxShardReplicasUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of replicas for each shard that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of replicas in a shard (ex: 25%). + Absolute number is calculated from percentage by rounding down. + If the provided number is 0 or negative, then all replicas will be allowed to be updated in unison. + + Defaults to 1. + x-kubernetes-int-or-string: true + type: object + method: + description: Method defines the way in which SolrClouds should + be updated when the podSpec changes. + enum: + - Managed + - StatefulSet + - Manual + type: string + restartSchedule: + description: |- + Perform a scheduled restart on the given schedule, in CRON format. + + Multiple CRON syntaxes are supported + - Standard CRON (e.g. "CRON_TZ=Asia/Seoul 0 6 * * ?") + - Predefined Schedules (e.g. "@yearly", "@weekly", etc.) + - Intervals (e.g. "@every 10h30m") + + For more information please check this reference: + https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format + type: string + type: object + zookeeperRef: + description: |- + The information for the Zookeeper this SolrCloud should connect to + Can be a zookeeper that is running, or one that is created by the solr operator + properties: + connectionInfo: + description: |- + A zookeeper ensemble that is run independently of the solr operator + If an externalConnectionString is provided, but no internalConnectionString is, the external will be used as the internal + properties: + acl: + description: |- + ZooKeeper ACL to use when connecting with ZK. + This ACL should have ALL permission in the given chRoot. 
+ properties: + passwordKey: + description: The name of the key in the given secret that + contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. + type: string + usernameKey: + description: The name of the key in the given secret that + contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + chroot: + description: The ChRoot to connect solr at + type: string + externalConnectionString: + description: |- + The connection string to connect to the ensemble from outside of the Kubernetes cluster + If external and no internal connection string is provided, the external cnx string will be used as the internal cnx string + type: string + internalConnectionString: + description: The connection string to connect to the ensemble + from within the Kubernetes cluster + type: string + readOnlyAcl: + description: |- + ZooKeeper ACL to use when connecting with ZK for reading operations. + This ACL should have READ permission in the given chRoot. + properties: + passwordKey: + description: The name of the key in the given secret that + contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. + type: string + usernameKey: + description: The name of the key in the given secret that + contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + type: object + provided: + description: |- + Create a new Zookeeper Ensemble with the following spec + Note: This option will not allow the SolrCloud to run across kube-clusters. 
+ Note: Requires + - The zookeeperOperator flag to be provided to the Solr Operator + - A zookeeper operator to be running + properties: + acl: + description: |- + ZooKeeper ACL to use when connecting with ZK. + This ACL should have ALL permission in the given chRoot. + properties: + passwordKey: + description: The name of the key in the given secret that + contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. + type: string + usernameKey: + description: The name of the key in the given secret that + contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + adminServerService: + description: |- + AdminServerService defines the policy to create AdminServer Service + for the zookeeper cluster. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations to attach to AdminServer service the operator + creates. + type: object + external: + type: boolean + type: object + chroot: + description: The ChRoot to connect solr at + type: string + clientService: + description: |- + ClientService defines the policy to create client Service + for the zookeeper cluster. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations to attach to client service the operator + creates. 
+ type: object + type: object + config: + description: Additional Zookeeper Configuration settings + properties: + additionalConfig: + additionalProperties: + type: string + description: key-value map of additional zookeeper configuration + parameters + type: object + x-kubernetes-preserve-unknown-fields: true + autoPurgePurgeInterval: + description: |- + The time interval in hours for which the purge task has to be triggered + + Disabled by default + type: integer + autoPurgeSnapRetainCount: + description: |- + Retain the snapshots according to retain count + + The default value is 3 + type: integer + commitLogCount: + description: |- + Zookeeper maintains an in-memory list of last committed requests for fast + synchronization with followers + + The default value is 500 + type: integer + globalOutstandingLimit: + description: |- + Clients can submit requests faster than ZooKeeper can process them, especially + if there are a lot of clients. Zookeeper will throttle Clients so that requests + won't exceed global outstanding limit. + + The default value is 1000 + type: integer + initLimit: + description: |- + InitLimit is the amount of time, in ticks, to allow followers to connect + and sync to a leader. + + Default value is 10. + type: integer + maxClientCnxns: + description: |- + Limits the number of concurrent connections that a single client, identified + by IP address, may make to a single member of the ZooKeeper ensemble. + + The default value is 60 + type: integer + maxCnxns: + description: |- + Limits the total number of concurrent connections that can be made to a + zookeeper server + + The defult value is 0, indicating no limit + type: integer + maxSessionTimeout: + description: |- + The maximum session timeout in milliseconds that the server will allow the + client to negotiate. 
+ + The default value is 40000 + type: integer + minSessionTimeout: + description: |- + The minimum session timeout in milliseconds that the server will allow the + client to negotiate + + The default value is 4000 + type: integer + preAllocSize: + description: |- + To avoid seeks ZooKeeper allocates space in the transaction log file in + blocks of preAllocSize kilobytes + + The default value is 64M + type: integer + quorumListenOnAllIPs: + description: |- + QuorumListenOnAllIPs when set to true the ZooKeeper server will listen for + connections from its peers on all available IP addresses, and not only the + address configured in the server list of the configuration file. It affects + the connections handling the ZAB protocol and the Fast Leader Election protocol. + + The default value is false. + type: boolean + snapCount: + description: |- + ZooKeeper records its transactions using snapshots and a transaction log + The number of transactions recorded in the transaction log before a snapshot + can be taken is determined by snapCount + + The default value is 100,000 + type: integer + snapSizeLimitInKb: + description: |- + Snapshot size limit in Kb + + The defult value is 4GB + type: integer + syncLimit: + description: |- + SyncLimit is the amount of time, in ticks, to allow followers to sync with + Zookeeper. + + The default value is 2. + type: integer + tickTime: + description: |- + TickTime is the length of a single tick, which is the basic time unit used + by Zookeeper, as measured in milliseconds + + The default value is 2000. + type: integer + type: object + containers: + description: Containers defines to support multi containers + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. 
If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. 
+ items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. 
Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. 
+ Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. 
+ Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. 
+ Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. 
+ properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. 
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + ephemeral: + description: |- + Ephemeral is the configuration which helps create ephemeral storage + At anypoint only one of Persistence or Ephemeral should be present in the manifest + properties: + emptydirvolumesource: + description: |- + EmptyDirVolumeSource is optional and this will create the emptydir volume + It has two parameters Medium and SizeLimit which are optional as well + Medium specifies What type of storage medium should back this directory. + SizeLimit specifies Total amount of local storage required for this EmptyDir volume. + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + headlessService: + description: |- + HeadlessService defines the policy to create headless Service + for the zookeeper cluster. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations to attach to headless service the operator + creates. + type: object + type: object + image: + description: Image of Zookeeper to run + properties: + imagePullSecret: + type: string + pullPolicy: + description: PullPolicy describes a policy for if/when + to pull a container image + type: string + repository: + type: string + tag: + type: string + type: object + initContainers: + description: Init containers to support initialization + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. 
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. 
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. 
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. 
+ If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. 
This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. 
+ + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: |- + Labels specifies the labels to attach to all resources the operator + creates for the zookeeper cluster, including StatefulSet, Pod, + PersistentVolumeClaim, Service, ConfigMap, et al. + type: object + maxUnavailableReplicas: + default: 1 + description: |- + MaxUnavailableReplicas defines the + MaxUnavailable Replicas in pdb. + Default is 1. 
+ format: int32 + minimum: 1 + type: integer + persistence: + description: |- + Persistence is the configuration for zookeeper persistent layer. + PersistentVolumeClaimSpec and VolumeReclaimPolicy can be specified in here. + At anypoint only one of Persistence or Ephemeral should be present in the manifest + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations to attach to pvc the operator + creates. + type: object + reclaimPolicy: + description: |- + VolumeReclaimPolicy is a zookeeper operator configuration. If it's set to Delete, + the corresponding PVCs will be deleted by the operator when zookeeper cluster is deleted. + The default value is Retain. + enum: + - Retain + - Delete + type: string + spec: + description: |- + PersistentVolumeClaimSpec is the spec to describe PVC for the container + This field is optional. If no PVC is specified default persistentvolume + will get created. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
+ properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. 
+ type: string + type: object + type: object + probes: + description: |- + Probes specifies the timeout values for the Readiness and Liveness Probes + for the zookeeper pods. + properties: + livenessProbe: + properties: + failureThreshold: + format: int32 + minimum: 0 + type: integer + initialDelaySeconds: + format: int32 + minimum: 0 + type: integer + periodSeconds: + format: int32 + minimum: 0 + type: integer + successThreshold: + format: int32 + minimum: 0 + type: integer + timeoutSeconds: + format: int32 + minimum: 0 + type: integer + type: object + readinessProbe: + properties: + failureThreshold: + format: int32 + minimum: 0 + type: integer + initialDelaySeconds: + format: int32 + minimum: 0 + type: integer + periodSeconds: + format: int32 + minimum: 0 + type: integer + successThreshold: + format: int32 + minimum: 0 + type: integer + timeoutSeconds: + format: int32 + minimum: 0 + type: integer + type: object + type: object + readOnlyAcl: + description: |- + ZooKeeper ACL to use when connecting with ZK for reading operations. + This ACL should have READ permission in the given chRoot. + properties: + passwordKey: + description: The name of the key in the given secret that + contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. + type: string + usernameKey: + description: The name of the key in the given secret that + contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + replicas: + default: 3 + description: |- + Number of members to create up for the ZK ensemble + Defaults to 3 + format: int32 + minimum: 1 + type: integer + volumeMounts: + description: VolumeMounts defines to support customized volumeMounts + items: + description: VolumeMount describes a mounting of a Volume + within a container. 
+ properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. 
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes defines to support customized volumes + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. 
+ type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + zookeeperPodPolicy: + description: Customization options for the Zookeeper Pod + properties: + affinity: + description: The scheduling constraints on pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in + the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. 
+ properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations to attach to zookeeper pods + creates. 
+ type: object + env: + description: List of environment variables to set in the + main ZK container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: ImagePullSecrets is a list of references + to secrets in the same namespace to use for pulling + any images + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + labels: + additionalProperties: + type: string + description: |- + Labels specifies the labels to attach to pods the operator creates for + the zookeeper cluster. + type: object + nodeSelector: + additionalProperties: + type: string + description: Node Selector to be added on pods. + type: object + resources: + description: Resources is the resource requirements for + the Zookeeper container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. 
It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: |- + SecurityContext specifies the security context for the entire zookeeper pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. 
+ The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + description: Optional Service Account to run the zookeeper + pods under. + type: string + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will + give for a zookeeper pod instance to shutdown normally. + The default value is 30. + format: int64 + minimum: 0 + type: integer + tolerations: + description: Tolerations to be added on pods. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints to apply to the + pods + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. 
+ format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. 
Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + type: object + type: object + type: object + status: + description: SolrCloudStatus defines the observed state of SolrCloud + properties: + backupRepositoriesAvailable: + additionalProperties: + type: boolean + description: BackupRepositoriesAvailable lists the backupRepositories + specified in the SolrCloud and whether they are available across + all Pods. + type: object + backupRestoreReady: + description: |- + BackupRestoreReady announces whether the solrCloud has the backupRestorePVC mounted to all pods + and therefore is ready for backups and restores. + type: boolean + externalCommonAddress: + description: |- + ExternalCommonAddress is the external common http address for all solr nodes. + Will only be provided when an ingressUrl is provided for the cloud + type: string + internalCommonAddress: + description: InternalCommonAddress is the internal common http address + for all solr nodes + type: string + podSelector: + description: PodSelector for SolrCloud pods, required by the HPA + type: string + readyReplicas: + default: 0 + description: ReadyReplicas is the number of ready pods in the cluster + format: int32 + minimum: 0 + type: integer + replicas: + default: 0 + description: Replicas is the number of pods created by the StatefulSet + format: int32 + minimum: 0 + type: integer + solrNodes: + description: SolrNodes contain the statuses of each solr node running + in this solr cloud. 
+ items: + description: |- + SolrNodeStatus is the status of a solrNode in the cloud, with readiness status + and internal and external addresses + properties: + externalAddress: + description: |- + An address the node can be connected to from outside of the Kube cluster + Will only be provided when an ingressUrl is provided for the cloud + type: string + internalAddress: + description: An address the node can be connected to from within + the Kube cluster + type: string + name: + description: The name of the pod running the node + type: string + nodeName: + description: The name of the Kubernetes Node which the pod is + running on + type: string + ready: + description: Is the node up and running + type: boolean + scheduledForDeletion: + description: This Solr Node pod is scheduled for deletion + type: boolean + specUpToDate: + description: This Solr Node pod is using the latest version + of solrcloud pod spec. + type: boolean + version: + description: The version of solr that the node is running + type: string + required: + - internalAddress + - name + - nodeName + - ready + - specUpToDate + - version + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + targetVersion: + description: |- + The version of solr that the cloud is meant to be running. + Will only be provided when the cloud is migrating between versions + type: string + upToDateNodes: + default: 0 + description: UpToDateNodes is the number of Solr Node pods that are + running the latest pod spec + format: int32 + minimum: 0 + type: integer + version: + description: The version of solr that the cloud is running + type: string + zookeeperConnectionInfo: + description: ZookeeperConnectionInfo is the information on how to + connect to the used Zookeeper + properties: + acl: + description: |- + ZooKeeper ACL to use when connecting with ZK. + This ACL should have ALL permission in the given chRoot. 
+ properties: + passwordKey: + description: The name of the key in the given secret that + contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. + type: string + usernameKey: + description: The name of the key in the given secret that + contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + chroot: + description: The ChRoot to connect solr at + type: string + externalConnectionString: + description: |- + The connection string to connect to the ensemble from outside of the Kubernetes cluster + If external and no internal connection string is provided, the external cnx string will be used as the internal cnx string + type: string + internalConnectionString: + description: The connection string to connect to the ensemble + from within the Kubernetes cluster + type: string + readOnlyAcl: + description: |- + ZooKeeper ACL to use when connecting with ZK for reading operations. + This ACL should have READ permission in the given chRoot. + properties: + passwordKey: + description: The name of the key in the given secret that + contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. 
+ type: string + usernameKey: + description: The name of the key in the given secret that + contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + type: object + required: + - internalCommonAddress + - podSelector + - readyReplicas + - replicas + - solrNodes + - upToDateNodes + - version + - zookeeperConnectionInfo + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.podSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.readyReplicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + operator.solr.apache.org/version: v0.10.0-prerelease + argocd.argoproj.io/sync-options: Replace=true + controller-gen.kubebuilder.io/version: v0.16.4 + name: solrprometheusexporters.solr.apache.org +spec: + group: solr.apache.org + names: + kind: SolrPrometheusExporter + listKind: SolrPrometheusExporterList + plural: solrprometheusexporters + shortNames: + - solrmetrics + singular: solrprometheusexporter + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Whether the prometheus exporter is ready + jsonPath: .status.ready + name: Ready + type: boolean + - description: Scrape interval for metrics (in ms) + jsonPath: .spec.scrapeInterval + name: Scrape Interval + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SolrPrometheusExporter is the Schema for the solrprometheusexporters + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SolrPrometheusExporterSpec defines the desired state of SolrPrometheusExporter + properties: + busyBoxImage: + description: |- + An initContainer is needed to create a wrapper script around the exporter entrypoint when TLS is enabled + with the `spec.solrReference.solrTLS.mountedTLSDir` option + properties: + imagePullSecret: + type: string + pullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + repository: + type: string + tag: + type: string + type: object + customKubeOptions: + description: Provide custom options for kubernetes objects created + for the SolrPrometheusExporter. + properties: + configMapOptions: + description: ServiceOptions defines the custom options for the + solrPrometheusExporter ConfigMap. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the ConfigMap. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the ConfigMap. + type: object + providedConfigMap: + description: Name of a user provided ConfigMap in the same + namespace containing a custom solr.xml + type: string + type: object + deploymentOptions: + description: DeploymentOptions defines the custom options for + the solrPrometheusExporter Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the Deployment. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the Deployment. + type: object + type: object + podOptions: + description: SolrPodOptions defines the custom options for the + solrPrometheusExporter pods. + properties: + affinity: + description: The scheduling constraints on pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations to be added for pods. + type: object + containerSecurityContext: + description: ContainerSecurityContext the container-level + security context used by the pod's primary container + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + defaultInitContainerResources: + description: DefaultInitContainerResources are the resource + requirements for the default init container(s) created by + the Solr Operator, if any are created. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + envVars: + description: Additional environment variables to pass to the + default container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: |- + ImagePullSecrets to apply to the pod. + These are for init/sidecarContainers in addition to the imagePullSecret defined for the + solr image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + Additional init containers to run in the pod. + These will run along with the init container that sets up the "solr.xml". + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. 
+ properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. 
Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. 
+ + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels to be added for pods. + type: object + lifecycle: + description: Lifecycle for the main container + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. 
+ Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that the + container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Liveness probe parameters + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: Node Selector to be added for the StatefulSet. + type: object + podSecurityContext: + description: PodSecurityContext is the security context for + the pod. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. 
+ The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + priorityClassName: + description: PriorityClassName for the pod + type: string + readinessProbe: + description: Readiness probe parameters + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resources is the resource requirements for the + default container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccountName: + description: Optional Service Account to run the pod under. + type: string + shareProcessNamespace: + description: Should process namespace sharing be enabled on + created pods + type: boolean + sidecarContainers: + description: Sidecar containers to run in the pod. These are + in addition to the Solr Container + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. 
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. 
+ items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. 
Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. 
+ Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. 
+ Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. 
+ Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. 
+ properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. 
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + startupProbe: + description: Startup probe parameters + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. + format: int64 + minimum: 10 + type: integer + tolerations: + description: Tolerations to be added for the StatefulSet. 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + Optional PodSpreadTopologyConstraints to use when scheduling pods. + More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + + Note: There is no need to provide a "labelSelector", as the operator will inject the labels for you if not provided. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. 
The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 
+ type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: Additional non-data volumes to load into the + default container. + items: + description: AdditionalVolume provides information on additional + volumes that should be loaded into pods + properties: + defaultContainerMount: + description: |- + DefaultContainerMount defines how to mount this volume into the default container. + If this volume is to be used only with sidecar or non-default init containers, + then this option is not necessary. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. 
If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + name: + description: Name of the volume + type: string + source: + description: Source is the source of the Volume to be + loaded into the solrCloud Pod + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. 
+ Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to the + pod. 
+ properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name and + Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on + the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph tree, + default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and + then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. 
This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a Flocker + dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for + iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets + host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a + Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. 
Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of + the ScaleIO Protection Domain for the configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + type: object + required: + - name + - source + type: object + type: array + type: object + serviceOptions: + description: ServiceOptions defines the custom options for the + solrPrometheusExporter Service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added for the Service. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added for the Service. + type: object + type: object + type: object + exporterEntrypoint: + description: The entrypoint into the exporter. Defaults to the official + docker-solr location. + type: string + image: + description: Image of Solr Prometheus Exporter to run. 
+ properties: + imagePullSecret: + type: string + pullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + repository: + type: string + tag: + type: string + type: object + metricsConfig: + description: The xml config for the metrics + type: string + numThreads: + description: |- + Number of threads to use for the prometheus exporter + Defaults to 1 + format: int32 + type: integer + restartSchedule: + description: |- + Perform a scheduled restart on the given schedule, in CRON format. + + Multiple CRON syntaxes are supported + - Standard CRON (e.g. "CRON_TZ=Asia/Seoul 0 6 * * ?") + - Predefined Schedules (e.g. "@yearly", "@weekly", etc.) + - Intervals (e.g. "@every 10h30m") + + For more information please check this reference: + https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format + type: string + scrapeInterval: + description: |- + The interval to scrape Solr at (in seconds) + Defaults to 60 seconds + format: int32 + type: integer + solrReference: + description: Reference of the Solr instance to collect metrics for + properties: + basicAuthSecret: + description: |- + If Solr is secured, you'll need to provide credentials for the Prometheus exporter to authenticate via a + kubernetes.io/basic-auth secret which must contain a username and password. If basic auth is enabled on the + SolrCloud instance, the default secret (unless you are supplying your own) is named using the pattern: + -solrcloud-basic-auth. If using the security.json bootstrapped by the Solr operator, + then the username is "k8s-oper". 
+ type: string + cloud: + description: Reference of a solrCloud instance + properties: + name: + description: The name of a solr cloud running within the kubernetes + cluster + type: string + namespace: + description: The namespace of a solr cloud running within + the kubernetes cluster + type: string + zkConnectionInfo: + description: The ZK Connection information for a cloud, could + be used for solr's running outside of the kube cluster + properties: + acl: + description: |- + ZooKeeper ACL to use when connecting with ZK. + This ACL should have ALL permission in the given chRoot. + properties: + passwordKey: + description: The name of the key in the given secret + that contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. + type: string + usernameKey: + description: The name of the key in the given secret + that contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + chroot: + description: The ChRoot to connect solr at + type: string + externalConnectionString: + description: |- + The connection string to connect to the ensemble from outside of the Kubernetes cluster + If external and no internal connection string is provided, the external cnx string will be used as the internal cnx string + type: string + internalConnectionString: + description: The connection string to connect to the ensemble + from within the Kubernetes cluster + type: string + readOnlyAcl: + description: |- + ZooKeeper ACL to use when connecting with ZK for reading operations. + This ACL should have READ permission in the given chRoot. 
+ properties: + passwordKey: + description: The name of the key in the given secret + that contains the ACL password + type: string + secret: + description: |- + The name of the Kubernetes Secret that stores the username and password for the ACL. + This secret must be in the same namespace as the solrCloud or prometheusExporter is running in. + type: string + usernameKey: + description: The name of the key in the given secret + that contains the ACL username + type: string + required: + - passwordKey + - secret + - usernameKey + type: object + type: object + type: object + solrTLS: + description: Settings to configure the SolrJ client used to request + metrics from TLS enabled Solr pods + properties: + checkPeerName: + description: TLS certificates contain host/ip "peer name" + information that is validated by default. + type: boolean + clientAuth: + default: None + description: |- + Determines the client authentication method, either None, Want, or Need; + this affects K8s ability to call liveness / readiness probes so use cautiously. + Only applies for server certificates, has no effect on client certificates + enum: + - None + - Want + - Need + type: string + keyStorePasswordSecret: + description: Secret containing the key store password; this + field is required unless mountedTLSDir is used, as most + JVMs do not support pkcs12 keystores without a password + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + mountedTLSDir: + description: |- + Used to specify a path where the keystore, truststore, and password files for the TLS certificate are mounted by an external agent or CSI driver. + This option is typically used with `spec.updateStrategy.restartSchedule` to restart Solr pods before the mounted TLS cert expires. + properties: + keystoreFile: + description: |- + Override the name of the keystore file; no default, if you don't supply this setting, then the corresponding + env vars and Java system properties will not be configured for the pod template + type: string + keystorePassword: + description: Set the password of the keystore explicitly. + Cannot be used with "keystorePasswordFile" + type: string + keystorePasswordFile: + description: Override the name of the keystore password + file; defaults to keystore-password, if "keystorePassword" + is not provided. + type: string + path: + description: The path on the main Solr container where + the TLS files are mounted by some external agent or + CSI Driver + type: string + truststoreFile: + description: |- + Override the name of the truststore file; no default, if you don't supply this setting, then the corresponding + env vars and Java system properties will not be configured for the pod template + type: string + truststorePassword: + description: Set the password of the truststore explicitly. + If "keystorePassword" is provided, and "truststorePasswordFile" + is not, this will be defaulted to "keystorePassword". + type: string + truststorePasswordFile: + description: Override the name of the truststore password + file; defaults to the same value as the KeystorePasswordFile, + if "truststorePassword" is not provided. 
+ type: string + required: + - path + type: object + pkcs12Secret: + description: TLS Secret containing a pkcs12 keystore; required + for Solr pods unless mountedTLSDir is used + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + restartOnTLSSecretUpdate: + description: |- + Opt-in flag to restart Solr pods after TLS secret updates, such as if the cert is renewed; default is false. + This option only applies when using the `spec.solrTLS.pkcs12Secret` option; when using the `spec.solrTLS.mountedTLSDir` option, + you need to ensure pods get restarted before the certs expire, see `spec.updateStrategy.restartSchedule` for scheduling restarts. + type: boolean + trustStorePasswordSecret: + description: Secret containing the trust store password; if + not provided the keyStorePassword will be used + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + trustStoreSecret: + description: |- + TLS Secret containing a pkcs12 truststore; if not provided, then the keystore and password are used for the truststore + The specified key is used as the truststore file name when mounted into Solr pods + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + verifyClientHostname: + description: |- + Verify client's hostname during SSL handshake + Only applies for server configuration + type: boolean + type: object + standalone: + description: Reference of a standalone solr instance + properties: + address: + description: The address of the standalone solr + type: string + required: + - address + type: object + type: object + required: + - solrReference + type: object + status: + description: SolrPrometheusExporterStatus defines the observed state of + SolrPrometheusExporter + properties: + ready: + description: Is the prometheus exporter up and running + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/solr-operator/templates/_helpers.tpl b/charts/solr-operator/templates/_helpers.tpl index 2cea1b81..1155403b 100644 
--- a/charts/solr-operator/templates/_helpers.tpl
+++ b/charts/solr-operator/templates/_helpers.tpl
@@ -1,61 +1,61 @@
-{{- define "solr-operator.name" -}}
-{{ .Chart.Name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{- define "solr-operator.fullname" -}}
-{{ printf "%s-solr-operator" .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{- define "solr-operator.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "solr-operator.serviceAccountName" -}}
-{{ printf "%s-sa" (include "solr-operator.fullname" .) }}
-{{- end }}
-
-{{- define "solr-operator.watchNamespaces" -}}
-{{ .Release.Namespace }}
-{{- end -}}
-
-{{- define "solr-operator.mTLS.clientCertDirectory" -}}
-/etc/ssl/solr/client-cert
-{{- end -}}
-
-{{- define "solr-operator.mTLS.caCertDirectory" -}}
-/etc/ssl/solr/ca-cert
-{{- end -}}
-{{- define "solr-operator.mTLS.caCertName" -}}
-rootSolrCert.pem
-{{- end -}}
-
-{{- define "solr-operator.mTLS.volumeMounts" -}}
-{{- if .Values.mTLS.clientCertSecret -}}
-- name: tls-client-cert
- mountPath: {{ include "solr-operator.mTLS.clientCertDirectory" . }}
- readOnly: true
-{{- end -}}
-{{ if .Values.mTLS.caCertSecret }}
-- name: tls-ca-cert
- mountPath: {{ include "solr-operator.mTLS.caCertDirectory" . }}
- readOnly: true
-{{ end }}
-{{- end -}}
-
-{{- define "solr-operator.mTLS.volumes" -}}
-{{- if .Values.mTLS.clientCertSecret -}}
-- name: tls-client-cert
- secret:
- secretName: {{ .Values.mTLS.clientCertSecret }}
- optional: false
-{{- end -}}
-{{ if .Values.mTLS.caCertSecret }}
-- name: tls-ca-cert
- secret:
- secretName: {{ .Values.mTLS.caCertSecret }}
- items:
- - key: {{ .Values.mTLS.caCertSecretKey }}
- path: {{ include "solr-operator.mTLS.caCertName" . 
}}
- optional: false
-{{- end -}}
+{{- define "solr-operator.name" -}}
+{{ .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "solr-operator.fullname" -}}
+{{ printf "%s-solr-operator" .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "solr-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "solr-operator.serviceAccountName" -}}
+{{ printf "%s-sa" (include "solr-operator.fullname" .) }}
+{{- end }}
+
+{{- define "solr-operator.watchNamespaces" -}}
+{{ .Release.Namespace }}
+{{- end -}}
+
+{{- define "solr-operator.mTLS.clientCertDirectory" -}}
+/etc/ssl/solr/client-cert
+{{- end -}}
+
+{{- define "solr-operator.mTLS.caCertDirectory" -}}
+/etc/ssl/solr/ca-cert
+{{- end -}}
+{{- define "solr-operator.mTLS.caCertName" -}}
+rootSolrCert.pem
+{{- end -}}
+
+{{- define "solr-operator.mTLS.volumeMounts" -}}
+{{- if .Values.mTLS.clientCertSecret -}}
+- name: tls-client-cert
+ mountPath: {{ include "solr-operator.mTLS.clientCertDirectory" . }}
+ readOnly: true
+{{- end -}}
+{{ if .Values.mTLS.caCertSecret }}
+- name: tls-ca-cert
+ mountPath: {{ include "solr-operator.mTLS.caCertDirectory" . }}
+ readOnly: true
+{{ end }}
+{{- end -}}
+
+{{- define "solr-operator.mTLS.volumes" -}}
+{{- if .Values.mTLS.clientCertSecret -}}
+- name: tls-client-cert
+ secret:
+ secretName: {{ .Values.mTLS.clientCertSecret }}
+ optional: false
+{{- end -}}
+{{ if .Values.mTLS.caCertSecret }}
+- name: tls-ca-cert
+ secret:
+ secretName: {{ .Values.mTLS.caCertSecret }}
+ items:
+ - key: {{ .Values.mTLS.caCertSecretKey }}
+ path: {{ include "solr-operator.mTLS.caCertName" . }}
+ optional: false
+{{- end -}}
 {{- end -}}
\ No newline at end of file
diff --git a/charts/solr-operator/templates/deployment.yaml b/charts/solr-operator/templates/deployment.yaml
index e3588088..bf8cbb54 100644
--- a/charts/solr-operator/templates/deployment.yaml
+++ b/charts/solr-operator/templates/deployment.yaml 
@@ -1,87 +1,87 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "solr-operator.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- control-plane: solr-operator
-spec:
- replicas: 1
- selector:
- matchLabels:
- control-plane: solr-operator
- template:
- metadata:
- annotations:
- prometheus.io/scrape: "true"
- labels:
- control-plane: solr-operator
- spec:
- serviceAccountName: {{ include "solr-operator.serviceAccountName" . }}
- containers:
- - name: {{ .Chart.Name }}
- image: "apache/solr-operator:{{ .Values.version }}"
- imagePullPolicy: IfNotPresent
- args:
- {{- if (index .Values "zookeeper-operator" "install")}}
- - -zk-operator=true
- {{- else }}
- - -zk-operator=false
- {{- end }}
- {{- if .Values.mTLS.clientCertSecret }}
- - --tls-client-cert-path={{- include "solr-operator.mTLS.clientCertDirectory" . -}}/tls.crt
- - --tls-client-cert-key-path={{- include "solr-operator.mTLS.clientCertDirectory" . -}}/tls.key
- {{- end }}
- {{- if .Values.mTLS.caCertSecret }}
- - --tls-ca-cert-path={{- include "solr-operator.mTLS.caCertDirectory" . -}}/{{- include "solr-operator.mTLS.caCertName" . 
-}}
- {{- end }}
- {{- if .Values.mTLS.insecureSkipVerify }}
- - --tls-skip-verify-server={{ .Values.mTLS.insecureSkipVerify }}
- {{- end }}
- - --tls-watch-cert={{ .Values.mTLS.watchForUpdates }}
- - "--health-probe-bind-address=:8081"
- {{- if .Values.metrics.enable }}
- - "--metrics-bind-address=:8080"
- {{- end }}
- - "--leader-elect=true"
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- securityContext:
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 10 }}
- {{- if (include "solr-operator.mTLS.volumeMounts" .) }}
- volumeMounts:
- {{- include "solr-operator.mTLS.volumeMounts" . | nindent 10 }}
- {{- end }}
-
- {{- if .Values.metrics.enable }}
- ports:
- - containerPort: 8080
- name: metrics
- {{- end }}
- {{- if (include "solr-operator.mTLS.volumes" .) }}
- volumes:
- {{- include "solr-operator.mTLS.volumes" . | nindent 8 }}
- {{- end }}
- terminationGracePeriodSeconds: 10
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "solr-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ control-plane: solr-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: solr-operator
+ template:
+ metadata:
+ annotations:
+ prometheus.io/scrape: "true"
+ labels:
+ control-plane: solr-operator
+ spec:
+ serviceAccountName: {{ include "solr-operator.serviceAccountName" . 
}}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "apache/solr-operator:{{ .Values.version }}"
+ imagePullPolicy: IfNotPresent
+ args:
+ {{- if (index .Values "zookeeper-operator" "install")}}
+ - -zk-operator=true
+ {{- else }}
+ - -zk-operator=false
+ {{- end }}
+ {{- if .Values.mTLS.clientCertSecret }}
+ - --tls-client-cert-path={{- include "solr-operator.mTLS.clientCertDirectory" . -}}/tls.crt
+ - --tls-client-cert-key-path={{- include "solr-operator.mTLS.clientCertDirectory" . -}}/tls.key
+ {{- end }}
+ {{- if .Values.mTLS.caCertSecret }}
+ - --tls-ca-cert-path={{- include "solr-operator.mTLS.caCertDirectory" . -}}/{{- include "solr-operator.mTLS.caCertName" . -}}
+ {{- end }}
+ {{- if .Values.mTLS.insecureSkipVerify }}
+ - --tls-skip-verify-server={{ .Values.mTLS.insecureSkipVerify }}
+ {{- end }}
+ - --tls-watch-cert={{ .Values.mTLS.watchForUpdates }}
+ - "--health-probe-bind-address=:8081"
+ {{- if .Values.metrics.enable }}
+ - "--metrics-bind-address=:8080"
+ {{- end }}
+ - "--leader-elect=true"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ {{- if (include "solr-operator.mTLS.volumeMounts" .) }}
+ volumeMounts:
+ {{- include "solr-operator.mTLS.volumeMounts" . | nindent 10 }}
+ {{- end }}
+
+ {{- if .Values.metrics.enable }}
+ ports:
+ - containerPort: 8080
+ name: metrics
+ {{- end }}
+ {{- if (include "solr-operator.mTLS.volumes" .) }}
+ volumes:
+ {{- include "solr-operator.mTLS.volumes" . | nindent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: 10
diff --git a/charts/solr-operator/templates/leader-election-role-binding.yaml b/charts/solr-operator/templates/leader-election-role-binding.yaml
index 173c615e..ecddae82 100644
--- a/charts/solr-operator/templates/leader-election-role-binding.yaml
+++ b/charts/solr-operator/templates/leader-election-role-binding.yaml
@@ -1,14 +1,14 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "solr-operator.fullname" . }}-leader-election-rolebinding
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "solr-operator.fullname" . }}-leader-election-role
-subjects:
- - kind: ServiceAccount
- name: {{ include "solr-operator.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "solr-operator.fullname" . }}-leader-election-rolebinding
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "solr-operator.fullname" . }}-leader-election-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "solr-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+
diff --git a/charts/solr-operator/templates/leader-election-role.yaml b/charts/solr-operator/templates/leader-election-role.yaml
index 2bf73c6f..59df0bb4 100644
--- a/charts/solr-operator/templates/leader-election-role.yaml
+++ b/charts/solr-operator/templates/leader-election-role.yaml
@@ -1,37 +1,37 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "solr-operator.fullname" . }}-leader-election-role
- namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "solr-operator.fullname" . }}-leader-election-role
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/charts/solr-operator/templates/role-binding.yaml b/charts/solr-operator/templates/role-binding.yaml
index daebf250..10c0bffe 100644
--- a/charts/solr-operator/templates/role-binding.yaml
+++ b/charts/solr-operator/templates/role-binding.yaml
@@ -1,13 +1,13 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "solr-operator.fullname" . }}-rolebinding
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "solr-operator.fullname" . }}-role
-subjects:
- - kind: ServiceAccount
- name: {{ include "solr-operator.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "solr-operator.fullname" . }}-rolebinding
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "solr-operator.fullname" . }}-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "solr-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/solr-operator/templates/role.yaml b/charts/solr-operator/templates/role.yaml
index 8474eb80..bf902057 100644
--- a/charts/solr-operator/templates/role.yaml
+++ b/charts/solr-operator/templates/role.yaml
@@ -1,152 +1,152 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "solr-operator.fullname" . }}-role - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - configmaps/status - - services/status - verbs: - - get -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create -- apiGroups: - - "" - resources: - - pods/status - verbs: - - get - - patch -- apiGroups: - - apps - resources: - - deployments - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments/status - - statefulsets/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - solr.apache.org - resources: - - solrbackups - - solrclouds - - solrprometheusexporters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - solr.apache.org - resources: - - solrbackups/finalizers - - solrclouds/finalizers - - solrprometheusexporters/finalizers - verbs: - - update -- apiGroups: - - solr.apache.org - resources: - - solrbackups/status - - solrclouds/status - - solrprometheusexporters/status - verbs: - - get - - patch - - update -- apiGroups: - - zookeeper.pravega.io - resources: - - zookeeperclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - 
zookeeper.pravega.io - resources: - - zookeeperclusters/status - verbs: - - get - - +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "solr-operator.fullname" . }}-role + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - services/status + verbs: + - get +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - pods/status + verbs: + - get + - patch +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + - statefulsets/status + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - solr.apache.org + resources: + - solrbackups + - solrclouds + - solrprometheusexporters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - solr.apache.org + resources: + - solrbackups/finalizers + - solrclouds/finalizers + - solrprometheusexporters/finalizers + verbs: + - update +- apiGroups: + - solr.apache.org + resources: + - solrbackups/status + - solrclouds/status + - solrprometheusexporters/status + verbs: + - get + - patch + - update +- apiGroups: + - zookeeper.pravega.io + resources: + - zookeeperclusters + verbs: + - create + - delete + 
- get + - list + - patch + - update + - watch +- apiGroups: + - zookeeper.pravega.io + resources: + - zookeeperclusters/status + verbs: + - get + + diff --git a/charts/solr-operator/templates/serviceaccount.yaml b/charts/solr-operator/templates/serviceaccount.yaml index 256aa809..7237667c 100644 --- a/charts/solr-operator/templates/serviceaccount.yaml +++ b/charts/solr-operator/templates/serviceaccount.yaml @@ -1,5 +1,5 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "solr-operator.serviceAccountName" . }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "solr-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/solr-operator/values.yaml b/charts/solr-operator/values.yaml index 8ae680d6..23dd3c85 100644 --- a/charts/solr-operator/values.yaml +++ b/charts/solr-operator/values.yaml @@ -1,24 +1,24 @@ -version : "v0.9.0" - -zookeeper-operator: - install: true - crd: - create: true - -resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "200m" - memory: "256Mi" - -mTLS: - clientCertSecret: "" - caCertSecret: "" - caCertSecretKey: ca-cert.pem - insecureSkipVerify: true - watchForUpdates: true - -metrics: - enable: true +version : "v0.9.0" + +zookeeper-operator: + install: true + crd: + create: true + +resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "200m" + memory: "256Mi" + +mTLS: + clientCertSecret: "" + caCertSecret: "" + caCertSecretKey: ca-cert.pem + insecureSkipVerify: true + watchForUpdates: true + +metrics: + enable: true diff --git a/charts/solr/Chart.yaml b/charts/solr/Chart.yaml index 320cbb09..82c89b71 100644 --- a/charts/solr/Chart.yaml +++ b/charts/solr/Chart.yaml 
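Review bot: In `charts/solr-operator/templates/role.yaml` the first rule grants full read/write on `secrets` and a later rule grants `create` on `pods/exec`, and because this is a ClusterRole bound through the ClusterRoleBinding in `role-binding.yaml`, both apply in every namespace of the cluster. If the operator is meant to manage Solr in a single namespace, a namespaced `Role`/`RoleBinding` would contain a compromise of the operator's service account; if cluster-wide scope is intended, say so in a comment above `rules:` such as `# Cluster-wide on purpose: the operator reconciles SolrCloud objects in all namespaces`. The `namespace: {{ .Release.Namespace }}` line under `metadata` has no effect on cluster-scoped objects and could be dropped from both files.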
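Review bot: In `charts/solr-operator/values.yaml` the `mTLS` block defaults to `insecureSkipVerify: true`, which by its name turns off certificate verification for the operator's TLS client, so a default install would accept any certificate presented to it. A chart default should verify, i.e. `insecureSkipVerify: false`, with a comment telling users to set `caCertSecret` when Solr is served from a private CA. How the value is consumed is outside this hunk, so confirm against the deployment template.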
@@ -1,11 +1,11 @@
-apiVersion: v2
-appVersion: "1.0"
-description: Helm chart for deploying Apache Solr datastore
-name: solr
-version: 0.0.5
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png"
-maintainers:
- - name: ZopDev
- url: zop.dev
-annotations:
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for deploying Apache Solr datastore
+name: solr
+version: 0.0.5
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png"
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+annotations:
 type: datasource
\ No newline at end of file
diff --git a/charts/solr/Readme.md b/charts/solr/Readme.md
index 9c8f41e9..29cb63d9 100644
--- a/charts/solr/Readme.md
+++ b/charts/solr/Readme.md
@@ -1,165 +1,165 @@ -# Solr Helm Chart - -The Solr Helm chart allows you to deploy Solr, an open-source enterprise search platform, in your Kubernetes cluster. Solr is highly reliable and scalable, enabling you to build search solutions for various applications. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -To add the Helm repository, run the following commands: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -Refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for additional details. - ---- - -## Install Helm Chart - -To install the Solr Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/solr -``` - -Replace `[RELEASE_NAME]` with your desired release name. For example: - -```bash -helm install my-solr zopdev/solr -``` - -For customized installation, provide a `values.yaml` file or override values during installation. - -See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for additional details. - ---- - -## Uninstall Helm Chart - -To uninstall the Solr Helm chart and remove all associated Kubernetes resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-solr -``` - -Refer to [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -Below are the configurable parameters for the Solr Helm chart: - -| **Input** | **Type** | **Description** | **Default** | -|----------------------------|-----------|------------------------------------------------------------------------|------------------| -| `image` | `string` | Docker image and tag for the Solr container. | `"solr:8.4"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Solr container. | `"100m"` | -| `resources.requests.memory`| `string` | Minimum memory resources required by the Solr container. 
| `"1Gi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the Solr container can use. | `"1"` | -| `resources.limits.memory` | `string` | Maximum memory resources the Solr container can use. | `"2Gi"` | -| `securityContext.runAsUser`| `integer` | User ID under which the Solr process runs for security. | `1001` | -| `securityContext.fsGroup` | `integer` | Group ID for filesystem permissions. | `1001` | -| `tlsSecretName` | `string` | Name of the Kubernetes secret for TLS certificates. | `""` | -| `host` | `string` | Hostname for Solr's HTTP endpoint. | `""` | -| `tlsHost` | `string` | Hostname for Solr's HTTPS endpoint. | `""` | -| `diskSize` | `string` | Size of the persistent volume for Solr data storage. | `"10Gi"` | - -You can override these values in a `values.yaml` file or via the command line. - ---- - -### Example `values.yaml` File - -```yaml -image: "solr:8.4" - -resources: - requests: - memory: "1Gi" - cpu: "200m" - limits: - memory: "4Gi" - cpu: "2" - -securityContext: - runAsUser: 1001 - fsGroup: 1001 - -tlsSecretName: "solr-tls-secret" -host: "solr.example.com" -tlsHost: "secure-solr.example.com" - -diskSize: "20Gi" -``` - -Apply the configuration file during installation: - -```bash -helm install my-solr zopdev/solr -f values.yaml -``` - ---- - -## Features - -- **High Security:** The Helm chart allows you to configure secure environments using `securityContext` and TLS secrets. -- **Persistent Storage:** Persistent volumes ensure that Solr's data is durable across deployments. -- **Resource Control:** Customizable CPU and memory resource allocations to optimize performance. -- **Scalable Deployment:** Easily scale resources or replicas for production use. - ---- - -## Advanced Usage - -### TLS Configuration - -To enable secure communication, specify a Kubernetes secret containing TLS certificates in the `tlsSecretName` field. You can also set `host` and `tlsHost` for custom endpoints. 
- -```yaml -tlsSecretName: "solr-tls-secret" -host: "solr.example.com" -tlsHost: "secure-solr.example.com" -``` - -### Persistent Volume Configuration - -Customize the disk size and storage class to match your requirements: - -```yaml -diskSize: "50Gi" -storageClass: "fast-storage" -``` - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Solr Helm Chart + +The Solr Helm chart allows you to deploy Solr, an open-source enterprise search platform, in your Kubernetes cluster. Solr is highly reliable and scalable, enabling you to build search solutions for various applications. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +To add the Helm repository, run the following commands: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +Refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for additional details. + +--- + +## Install Helm Chart + +To install the Solr Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/solr +``` + +Replace `[RELEASE_NAME]` with your desired release name. For example: + +```bash +helm install my-solr zopdev/solr +``` + +For customized installation, provide a `values.yaml` file or override values during installation. + +See [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for additional details. 
+ +--- + +## Uninstall Helm Chart + +To uninstall the Solr Helm chart and remove all associated Kubernetes resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-solr +``` + +Refer to [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +Below are the configurable parameters for the Solr Helm chart: + +| **Input** | **Type** | **Description** | **Default** | +|----------------------------|-----------|------------------------------------------------------------------------|------------------| +| `image` | `string` | Docker image and tag for the Solr container. | `"solr:8.4"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Solr container. | `"100m"` | +| `resources.requests.memory`| `string` | Minimum memory resources required by the Solr container. | `"1Gi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the Solr container can use. | `"1"` | +| `resources.limits.memory` | `string` | Maximum memory resources the Solr container can use. | `"2Gi"` | +| `securityContext.runAsUser`| `integer` | User ID under which the Solr process runs for security. | `1001` | +| `securityContext.fsGroup` | `integer` | Group ID for filesystem permissions. | `1001` | +| `tlsSecretName` | `string` | Name of the Kubernetes secret for TLS certificates. | `""` | +| `host` | `string` | Hostname for Solr's HTTP endpoint. | `""` | +| `tlsHost` | `string` | Hostname for Solr's HTTPS endpoint. | `""` | +| `diskSize` | `string` | Size of the persistent volume for Solr data storage. | `"10Gi"` | + +You can override these values in a `values.yaml` file or via the command line. 
+ +--- + +### Example `values.yaml` File + +```yaml +image: "solr:8.4" + +resources: + requests: + memory: "1Gi" + cpu: "200m" + limits: + memory: "4Gi" + cpu: "2" + +securityContext: + runAsUser: 1001 + fsGroup: 1001 + +tlsSecretName: "solr-tls-secret" +host: "solr.example.com" +tlsHost: "secure-solr.example.com" + +diskSize: "20Gi" +``` + +Apply the configuration file during installation: + +```bash +helm install my-solr zopdev/solr -f values.yaml +``` + +--- + +## Features + +- **High Security:** The Helm chart allows you to configure secure environments using `securityContext` and TLS secrets. +- **Persistent Storage:** Persistent volumes ensure that Solr's data is durable across deployments. +- **Resource Control:** Customizable CPU and memory resource allocations to optimize performance. +- **Scalable Deployment:** Easily scale resources or replicas for production use. + +--- + +## Advanced Usage + +### TLS Configuration + +To enable secure communication, specify a Kubernetes secret containing TLS certificates in the `tlsSecretName` field. You can also set `host` and `tlsHost` for custom endpoints. + +```yaml +tlsSecretName: "solr-tls-secret" +host: "solr.example.com" +tlsHost: "secure-solr.example.com" +``` + +### Persistent Volume Configuration + +Customize the disk size and storage class to match your requirements: + +```yaml +diskSize: "50Gi" +storageClass: "fast-storage" +``` + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/solr/templates/_helpers.tpl b/charts/solr/templates/_helpers.tpl index a399ea1d..d1f90eef 100644 
--- a/charts/solr/templates/_helpers.tpl
+++ b/charts/solr/templates/_helpers.tpl
@@ -1,29 +1,29 @@
-{{- define "solr.hashPassword" -}}
-{{- $password := .rootPassword }}
-
-{{- $magicNum := 101559956668416 }}
-
-{{- /* Generate salt components */}}
-{{- $rand1 := randInt 0 $magicNum }}
-{{- $num1 := sub $magicNum $rand1 }}
-{{- $rand2 := randInt 0 $magicNum }}
-{{- $num2 := sub $magicNum $rand2 }}
-
-{{- /* Convert numbers to base36-like encoding */}}
-{{- $base36num1 := toString $num1 | b64enc }}
-{{- $base36num2 := toString $num2 | b64enc }}
-
-{{- /* Create salt */}}
-{{- $salt := print (substr 1 -1 $base36num1) (substr 1 -1 $base36num2) }}
-
-{{- /* Hash operations */}}
-{{- $saltedInput := print $salt $password }}
-{{- $firstHash := $saltedInput | sha256sum }}
-{{- $secondHash := $firstHash | sha256sum }}
-
-{{- /* Final encoding */}}
-{{- $finalHash := $secondHash | b64enc }}
-{{- $encodedSalt := $salt | b64enc }}
-
-{{- printf "%s %s" $finalHash $encodedSalt }}
-{{- end }}
+{{- define "solr.hashPassword" -}}
+{{- $password := .rootPassword }}
+
+{{- $magicNum := 101559956668416 }}
+
+{{- /* Generate salt components */}}
+{{- $rand1 := randInt 0 $magicNum }}
+{{- $num1 := sub $magicNum $rand1 }}
+{{- $rand2 := randInt 0 $magicNum }}
+{{- $num2 := sub $magicNum $rand2 }}
+
+{{- /* Convert numbers to base36-like encoding */}}
+{{- $base36num1 := toString $num1 | b64enc }}
+{{- $base36num2 := toString $num2 | b64enc }}
+
+{{- /* Create salt */}}
+{{- $salt := print (substr 1 -1 $base36num1) (substr 1 -1 $base36num2) }}
+
+{{- /* Hash operations */}}
+{{- $saltedInput := print $salt $password }}
+{{- $firstHash := $saltedInput | sha256sum }}
+{{- $secondHash := $firstHash | sha256sum }}
+
+{{- /* Final encoding */}}
+{{- $finalHash := $secondHash | b64enc }}
+{{- $encodedSalt := $salt | b64enc }}
+
+{{- printf "%s %s" $finalHash $encodedSalt }}
+{{- end }}
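Review bot: The `solr.hashPassword` helper hashes text rather than bytes: Sprig's `sha256sum` returns a hex string, so `$secondHash` is the SHA-256 of hex characters and `$finalHash` is the base64 of hex text, which does not look like the base64 of a raw double SHA-256 digest that Solr's BasicAuthPlugin stores. Please confirm the output against a credential generated by Solr itself before relying on it, because a mismatch would mean the admin login can never succeed. The salt comes from `randInt`, which as far as I know is not a cryptographic source, and every `include` draws a new salt, so the rendered value changes on each render. The comment "Convert numbers to base36-like encoding" is also inaccurate since the code calls `b64enc`; I would replace it with `{{- /* Base64-encode the decimal strings; the salt is text, not raw bytes */}}`.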
diff --git a/charts/solr/templates/alerts.yaml b/charts/solr/templates/alerts.yaml
index 417f5a37..675c6606 100644
--- a/charts/solr/templates/alerts.yaml
+++ b/charts/solr/templates/alerts.yaml
@@ -1,92 +1,92 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Release.Name }}-solr.rules - rules: - - alert: SolrDown - expr: up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} == 0 - for: 0m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solr instance {{ .Release.Name }} is down' - description: 'Solr instance {{ .Release.Name }} is down' - - - alert: SolrHighHeapMemoryUsage - expr: | - solr_metrics_jvm_memory_heap_bytes{item="used", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} - / solr_metrics_jvm_memory_heap_bytes{item="max", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} * 100 > 80 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solr instance {{ .Release.Name }} high heap memory usage' - description: 'More than 80% of Solr heap memory is in use for {{ .Release.Name }}' - - - alert: SolrHighCpuUsage - expr: | - solr_metrics_jvm_os_cpu_load{item="processCpuLoad", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} > 0.8 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solr instance {{ .Release.Name }} high CPU usage' - description: 'Solr instance {{ .Release.Name }} CPU load is > 80%' - - - alert: SolrLowDiskSpace - expr: | - solr_metrics_node_core_root_fs_bytes{item="usableSpace", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} - / 
solr_metrics_node_core_root_fs_bytes{item="totalSpace", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} * 100 < 15 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solr instance {{ .Release.Name }} low disk space' - description: 'Solr instance {{ .Release.Name }} has less than 15% free disk space' - - - alert: SolrServerErrors - expr: | - increase(solr_metrics_node_server_errors_total{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"}[1m]) > 0 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solr instance {{ .Release.Name }} server errors' - description: 'Solr instance {{ .Release.Name }} is experiencing server errors' - - - alert: SolrClientErrors - expr: | - increase(solr_metrics_node_client_errors_total{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"}[1m]) > 10 - for: 2m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solr instance {{ .Release.Name }} client errors' +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus +spec: + groups: + - name: {{ .Release.Namespace }}.{{ .Release.Name }}-solr.rules + rules: + - alert: SolrDown + expr: up{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} == 0 + for: 0m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solr instance {{ .Release.Name }} is down' + description: 'Solr instance {{ .Release.Name }} is down' + + - 
alert: SolrHighHeapMemoryUsage + expr: | + solr_metrics_jvm_memory_heap_bytes{item="used", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} + / solr_metrics_jvm_memory_heap_bytes{item="max", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} * 100 > 80 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solr instance {{ .Release.Name }} high heap memory usage' + description: 'More than 80% of Solr heap memory is in use for {{ .Release.Name }}' + + - alert: SolrHighCpuUsage + expr: | + solr_metrics_jvm_os_cpu_load{item="processCpuLoad", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} > 0.8 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solr instance {{ .Release.Name }} high CPU usage' + description: 'Solr instance {{ .Release.Name }} CPU load is > 80%' + + - alert: SolrLowDiskSpace + expr: | + solr_metrics_node_core_root_fs_bytes{item="usableSpace", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} + / solr_metrics_node_core_root_fs_bytes{item="totalSpace", namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} * 100 < 15 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solr instance {{ .Release.Name }} low disk space' + description: 'Solr instance {{ .Release.Name }} has less than 15% free disk space' + + - alert: SolrServerErrors + expr: | + increase(solr_metrics_node_server_errors_total{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"}[1m]) > 0 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + 
annotations: + summary: 'Solr instance {{ .Release.Name }} server errors' + description: 'Solr instance {{ .Release.Name }} is experiencing server errors' + + - alert: SolrClientErrors + expr: | + increase(solr_metrics_node_client_errors_total{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"}[1m]) > 10 + for: 2m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solr instance {{ .Release.Name }} client errors' description: 'Solr instance {{ .Release.Name }} is experiencing > 10 client errors per minute' \ No newline at end of file diff --git a/charts/solr/templates/configmap.yaml b/charts/solr/templates/configmap.yaml index c3935daf..4a1077f7 100644 --- a/charts/solr/templates/configmap.yaml +++ b/charts/solr/templates/configmap.yaml @@ -1,8 +1,8 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-solr-configmap - namespace: {{ $.Release.Namespace }} -data: - SOLR_HOST: {{ $.Release.Name }}-solr - SOLR_PORT: "8983" +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-solr-configmap + namespace: {{ $.Release.Namespace }} +data: + SOLR_HOST: {{ $.Release.Name }}-solr + SOLR_PORT: "8983" diff --git a/charts/solr/templates/ingress.yaml b/charts/solr/templates/ingress.yaml index 83093bec..debd862c 100644 --- a/charts/solr/templates/ingress.yaml +++ b/charts/solr/templates/ingress.yaml 
@@ -1,30 +1,30 @@
-{{- if and .Values.host .Values.solrRootPassword }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ .Release.Name }}-solr
- namespace: {{ .Release.Namespace }}
- labels:
- app: solr
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/auth-realm: ""
- nginx.ingress.kubernetes.io/auth-secret: ""
- nginx.ingress.kubernetes.io/auth-type: ""
-spec:
- rules:
- - host: {{ .Values.host }}
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: {{ .Release.Name }}-solr
- port:
- number: 8983
- tls:
- - hosts:
- - '{{ .Values.tlsHost | default .Values.host }}'
- secretName: {{ .Values.tlsSecretName | default "tls-secret-replica" }}
-{{- end }}
+{{- if and .Values.host .Values.solrRootPassword }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-solr
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: solr
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-realm: ""
+ nginx.ingress.kubernetes.io/auth-secret: ""
+ nginx.ingress.kubernetes.io/auth-type: ""
+spec:
+ rules:
+ - host: {{ .Values.host }}
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ .Release.Name }}-solr
+ port:
+ number: 8983
+ tls:
+ - hosts:
+ - '{{ .Values.tlsHost | default .Values.host }}'
+ secretName: {{ .Values.tlsSecretName | default "tls-secret-replica" }}
+{{- end }}
diff --git a/charts/solr/templates/init-solr-security.yaml b/charts/solr/templates/init-solr-security.yaml
index a22722f5..9949bc49 100644
--- a/charts/solr/templates/init-solr-security.yaml
+++ b/charts/solr/templates/init-solr-security.yaml
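Review bot: In `charts/solr/templates/ingress.yaml` the three `nginx.ingress.kubernetes.io/auth-*` annotations are empty strings, so the ingress puts no authentication in front of path `/` and access control rests entirely on Solr's own security.json. Either drop the empty annotations or set them for real, e.g. `nginx.ingress.kubernetes.io/auth-type: "basic"` with `auth-secret` naming an htpasswd-format secret. The guard on the first line depends on `.Values.solrRootPassword`, which the README's configuration table does not list, and the TLS block silently falls back to a secret named `tls-secret-replica` when `tlsSecretName` is unset; both deserve a comment or a `required` check so a misconfigured release fails at render time rather than serving without the intended certificate.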
@@ -1,21 +1,21 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-solr-security-config
-data:
- security.json: |
- {
- "authentication":{
- "blockUnknown": false,
- "class":"solr.BasicAuthPlugin",
- "credentials":{"admin":"{{ include "solr.hashPassword" . }}"},
- "realm":"Solr users",
- "forwardCredentials": false
- },
- "authorization":{
- "class":"solr.RuleBasedAuthorizationPlugin",
- "permissions":[{"name":"security-edit",
- "role":"admin"}],
- "user-role":{ "admin":"admin"}
- }
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-solr-security-config
+data:
+ security.json: |
+ {
+ "authentication":{
+ "blockUnknown": false,
+ "class":"solr.BasicAuthPlugin",
+ "credentials":{"admin":"{{ include "solr.hashPassword" . }}"},
+ "realm":"Solr users",
+ "forwardCredentials": false
+ },
+ "authorization":{
+ "class":"solr.RuleBasedAuthorizationPlugin",
+ "permissions":[{"name":"security-edit",
+ "role":"admin"}],
+ "user-role":{ "admin":"admin"}
+ }
 }
\ No newline at end of file
diff --git a/charts/solr/templates/secret.yaml b/charts/solr/templates/secret.yaml
index 93261f31..5aa52da3 100644
--- a/charts/solr/templates/secret.yaml
+++ b/charts/solr/templates/secret.yaml
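Review bot: In `charts/solr/templates/init-solr-security.yaml`, `"blockUnknown": false` together with a single `security-edit` permission means requests without credentials are let through to every endpoint that rule does not cover; for a chart that generates an admin password the default should be `"blockUnknown": true`. The credential is rendered with `include "solr.hashPassword" .`, but the helper reads `.rootPassword`, which the root context does not carry, so the admin hash here is presumably not derived from the password stored in the release secret (the secret template passes `dict "rootPassword" $rootPassword` instead). The ConfigMap also omits `namespace: {{ .Release.Namespace }}`, unlike the other templates in this diff.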
@@ -1,21 +1,21 @@
-{{- $secretName := printf "%s-solr-root-secret" .Release.Name }}
-
-{{/* Generate a strong root password only if not already set */}}
-{{- $generatedRootPassword := printf "%s" (randAlpha 6 | lower ) }}
-
-{{- $rootPassword := $generatedRootPassword }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
- namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
- {{- if .Release.IsInstall }}
- root-password: {{ $rootPassword | b64enc }}
- {{ else }}
- root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "root-password" }}
- {{ end }}
- hashed-password: {{ include "solr.hashPassword" (dict "rootPassword" $rootPassword) | b64enc }}
+{{- $secretName := printf "%s-solr-root-secret" .Release.Name }}
+
+{{/* Generate a strong root password only if not already set */}}
+{{- $generatedRootPassword := printf "%s" (randAlpha 6 | lower ) }}
+
+{{- $rootPassword := $generatedRootPassword }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ {{- if .Release.IsInstall }}
+ root-password: {{ $rootPassword | b64enc }}
+ {{ else }}
+ root-password: {{ index (lookup "v1" "Secret" .Release.Namespace $secretName ).data "root-password" }}
+ {{ end }}
+ hashed-password: {{ include "solr.hashPassword" (dict "rootPassword" $rootPassword) | b64enc }}
diff --git a/charts/solr/templates/service.yaml b/charts/solr/templates/service.yaml
index 96c0b4e7..9d20e110 100644
--- a/charts/solr/templates/service.yaml
+++ b/charts/solr/templates/service.yaml
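Review bot: In `charts/solr/templates/secret.yaml`, `randAlpha 6 | lower` produces a six-letter lowercase password (roughly 28 bits), which is far too small for a credential guarding a network-reachable admin endpoint, even though the comment above it calls the password strong. On upgrade the `else` branch keeps the stored `root-password`, but `hashed-password` is still computed from the freshly generated `$rootPassword`, so the two values stop matching after the first `helm upgrade`. The `lookup` call also returns an empty result under `helm template` or `--dry-run`, so indexing `.data` fails there. Resolving the existing secret once at the top, generating a longer value only when none exists, and hashing whatever password is actually stored addresses all three, as sketched below.

```yaml
{{- $secretName := printf "%s-solr-root-secret" .Release.Name }}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
{{- $rootPassword := randAlphaNum 32 }}
{{- if and $existing $existing.data }}
{{- $rootPassword = index $existing.data "root-password" | b64dec }}
{{- end }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  root-password: {{ $rootPassword | b64enc }}
  hashed-password: {{ include "solr.hashPassword" (dict "rootPassword" $rootPassword) | b64enc }}
```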
@@ -1,20 +1,20 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-solr
- namespace: {{ .Release.Namespace }}
- labels:
- app: solr
-spec:
- selector:
- app: solr
- type: ClusterIP
- ports:
- - protocol: TCP
- port: 8983
- targetPort: 8983
- name: solr
- - protocol: TCP
- port: 2121
- targetPort: 2121
- name: metrics
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-solr
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: solr
+spec:
+ selector:
+ app: solr
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 8983
+ targetPort: 8983
+ name: solr
+ - protocol: TCP
+ port: 2121
+ targetPort: 2121
+ name: metrics
diff --git a/charts/solr/templates/serviceMonitor.yaml b/charts/solr/templates/serviceMonitor.yaml
index 984c902f..378f1f98 100644
--- a/charts/solr/templates/serviceMonitor.yaml
+++ b/charts/solr/templates/serviceMonitor.yaml
@@ -1,16 +1,16 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ .Release.Name }}-solr
- namespace: {{ .Release.Namespace }}
- labels:
- app: solr
- release: prometheus
-spec:
- selector:
- matchLabels:
- app: solr
- endpoints:
- - port: metrics
- interval: 30s
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ .Release.Name }}-solr
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: solr
+ release: prometheus
+spec:
+ selector:
+ matchLabels:
+ app: solr
+ endpoints:
+ - port: metrics
+ interval: 30s
 path: /metrics
\ No newline at end of file
diff --git a/charts/solr/templates/statefulset.yaml b/charts/solr/templates/statefulset.yaml
index 8383a733..0e048143 100644
--- a/charts/solr/templates/statefulset.yaml
+++ b/charts/solr/templates/statefulset.yaml
@@ -1,103 +1,103 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ .Release.Name }}-solr - namespace: {{ .Release.Namespace }} - labels: - app: solr -spec: - replicas: 1 - selector: - matchLabels: - app: solr - serviceName: {{ .Release.Name }}-solr - template: - metadata: - labels: - app: solr - spec: - securityContext: - runAsUser: 1001 - fsGroup: 1001 - containers: - - name: solr - image: "solr:{{ .Values.version }}" - ports: - - containerPort: 8983 - env: - - name: SOLR_HOME - value: "/var/solr/data" - - name: SOLR_JAVA_MEM - value: "-Xms2g -Xmx2g" - resources: - requests: - memory: {{ .Values.resources.requests.memory }} - cpu: {{ .Values.resources.requests.cpu }} - limits: - memory: {{ .Values.resources.limits.memory }} - cpu: {{ .Values.resources.limits.cpu }} - livenessProbe: - httpGet: - path: /solr/ - port: 8983 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /solr/ - port: 8983 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - volumeMounts: - - name: solr-data - mountPath: /var/solr - - name: security-config - mountPath: /var/solr/data/security.json - subPath: security.json - - name: solr-exporter - image: "solr:{{ .Values.version }}" - command: - - "/opt/solr/contrib/prometheus-exporter/bin/solr-exporter" - - "-p" - - "2121" - - "-b" - - "http://localhost:8983/solr" - - "-config-file" - - "/opt/solr/contrib/prometheus-exporter/conf/solr-exporter-config.xml" - ports: - - containerPort: 2121 - name: metrics - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 200m - memory: 512Mi - livenessProbe: - httpGet: - path: /metrics - port: 2121 - initialDelaySeconds: 30 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /metrics - port: 2121 - initialDelaySeconds: 15 - periodSeconds: 10 - volumes: - - name: security-config - configMap: - name: {{ .Release.Name }}-solr-security-config - volumeClaimTemplates: - - metadata: - name: solr-data - spec: - 
accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.diskSize }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Release.Name }}-solr + namespace: {{ .Release.Namespace }} + labels: + app: solr +spec: + replicas: 1 + selector: + matchLabels: + app: solr + serviceName: {{ .Release.Name }}-solr + template: + metadata: + labels: + app: solr + spec: + securityContext: + runAsUser: 1001 + fsGroup: 1001 + containers: + - name: solr + image: "solr:{{ .Values.version }}" + ports: + - containerPort: 8983 + env: + - name: SOLR_HOME + value: "/var/solr/data" + - name: SOLR_JAVA_MEM + value: "-Xms2g -Xmx2g" + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu }} + limits: + memory: {{ .Values.resources.limits.memory }} + cpu: {{ .Values.resources.limits.cpu }} + livenessProbe: + httpGet: + path: /solr/ + port: 8983 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /solr/ + port: 8983 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + volumeMounts: + - name: solr-data + mountPath: /var/solr + - name: security-config + mountPath: /var/solr/data/security.json + subPath: security.json + - name: solr-exporter + image: "solr:{{ .Values.version }}" + command: + - "/opt/solr/contrib/prometheus-exporter/bin/solr-exporter" + - "-p" + - "2121" + - "-b" + - "http://localhost:8983/solr" + - "-config-file" + - "/opt/solr/contrib/prometheus-exporter/conf/solr-exporter-config.xml" + ports: + - containerPort: 2121 + name: metrics + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 200m + memory: 512Mi + livenessProbe: + httpGet: + path: /metrics + port: 2121 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /metrics + port: 2121 + initialDelaySeconds: 15 + periodSeconds: 10 + volumes: + - name: security-config + configMap: + name: {{ .Release.Name }}-solr-security-config + 
volumeClaimTemplates: + - metadata: + name: solr-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.diskSize }} diff --git a/charts/solr/values.schema.json b/charts/solr/values.schema.json index 6c62cdc2..f9e667c5 100644 --- a/charts/solr/values.schema.json +++ b/charts/solr/values.schema.json 
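Review bot: Neither container in the StatefulSet pod template sets a container-level `securityContext`; the pod only fixes `runAsUser: 1001` and `fsGroup: 1001`. Adding `runAsNonRoot: true` at pod level and, on both `solr` and `solr-exporter`, `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}` would state the intended privilege level instead of relying on image defaults. Both containers use `solr:{{ .Values.version }}`, a mutable tag, so a values option for pinning by digest is worth considering. The heap is also fixed at `-Xms2g -Xmx2g` while `resources.limits.memory` comes from values, so a limit set below about 2Gi plus JVM overhead will get the container OOM-killed.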
@@ -1,58 +1,58 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "version": { - "default": "9.8", - "mutable": true - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "default": "2500Mi", "mutable": true - }, - "cpu": { - "type": "string", - "default": "250m", "mutable": true - } - } - }, - "limits": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "default": "3000Mi", "mutable": true - }, - "cpu": { - "type": "string", - "default": "500m", "mutable": true - } - } - } - } - }, - "diskSize": { - "type": "string", - "default": "10Gi", "mutable": true, - "editDisabled": true - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": ["name"] - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "version": { + "default": "9.8", + "mutable": true + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "default": "2500Mi", "mutable": true + }, + "cpu": { + "type": "string", + "default": "250m", "mutable": true + } + } + }, + "limits": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "default": "3000Mi", "mutable": true + }, + "cpu": { + "type": "string", + "default": "500m", "mutable": true + } + } + } + } + }, + "diskSize": { + "type": "string", + "default": "10Gi", "mutable": true, + "editDisabled": true + }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": ["name"] + } + } + } } \ No newline at end of file diff --git a/charts/solr/values.yaml b/charts/solr/values.yaml index 41a41ea3..c41ed891 100644 --- a/charts/solr/values.yaml 
+++ b/charts/solr/values.yaml @@ -1,11 +1,11 @@ -version: "9.8" - -resources: - requests: - memory: "2500Mi" - cpu: "250m" - limits: - memory: "3000Mi" - cpu: "500m" - -diskSize: "10Gi" +version: "9.8" + +resources: + requests: + memory: "2500Mi" + cpu: "250m" + limits: + memory: "3000Mi" + cpu: "500m" + +diskSize: "10Gi" diff --git a/charts/solrcloud/Chart.lock b/charts/solrcloud/Chart.lock index 57409322..bc479f13 100644 --- a/charts/solrcloud/Chart.lock +++ b/charts/solrcloud/Chart.lock @@ -1,6 +1,6 @@ -dependencies: -- name: solr-operator - repository: https://helm.zop.dev - version: v0.0.1 -digest: sha256:7567d50a6f686a97bf9e43284ccb8b72ad9a3e50b1c7027172a76064df54f40d -generated: "2025-04-29T16:19:35.871851+05:30" +dependencies: +- name: solr-operator + repository: https://helm.zop.dev + version: v0.0.1 +digest: sha256:7567d50a6f686a97bf9e43284ccb8b72ad9a3e50b1c7027172a76064df54f40d +generated: "2025-04-29T16:19:35.871851+05:30" diff --git a/charts/solrcloud/Chart.yaml b/charts/solrcloud/Chart.yaml index 3ec43e82..87c4f9df 100644 --- a/charts/solrcloud/Chart.yaml +++ b/charts/solrcloud/Chart.yaml 
@@ -1,15 +1,15 @@ -apiVersion: v2 -appVersion: "1.0" -description: Helm chart for deploying Apache SolrCloud datastore -name: solrcloud -version: 0.0.4 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png" -maintainers: - - name: ZopDev - url: zop.dev -dependencies: - - name: 'solr-operator' - version: 0.0.1 - repository: https://helm.zop.dev -annotations: +apiVersion: v2 +appVersion: "1.0" +description: Helm chart for deploying Apache SolrCloud datastore +name: solrcloud +version: 0.0.4 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png" +maintainers: + - name: ZopDev + url: zop.dev +dependencies: + - name: 'solr-operator' + version: 0.0.1 + repository: https://helm.zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/solrcloud/README.md b/charts/solrcloud/README.md index a0865ebb..3cca759c 100644 --- a/charts/solrcloud/README.md +++ b/charts/solrcloud/README.md 
@@ -1,195 +1,195 @@ -# SolrCloud Helm Chart - -This Helm chart deploys Apache SolrCloud on Kubernetes, providing a highly available, distributed search platform. SolrCloud is built on Apache Solr and offers features like distributed indexing, automatic sharding, and fault tolerance. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ -- kubectl configured to communicate with your cluster -- Solr Operator installed in the cluster (automatically installed as a dependency) - ---- - -## Dependencies - -Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: - -```bash -helm dependency build -``` - -This command will: -1. Read the dependencies from `Chart.yaml` -2. Download the required charts (Solr Operator) from the specified repositories -3. Store them in the `charts/` directory -4. Create or update the `Chart.lock` file with the exact versions - -If you encounter any issues with the dependencies, you can try: -```bash -helm dependency update # Updates dependencies to the latest versions -``` - -This chart requires the following dependencies to be installed: - -### Solr Operator -- **Chart**: `solr-operator` -- **Version**: `0.0.1` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Manages the SolrCloud cluster lifecycle, including scaling, updates, and maintenance operations - -To install this dependency automatically, ensure the following in your `values.yaml`: - -```yaml -solr-operator: - enabled: true - # Additional Solr Operator configuration... -``` - -The dependency will be automatically installed when you deploy the SolrCloud chart. You can customize its configuration through the respective section in your `values.yaml` file. - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). 
- ---- - -## Install Helm Chart - -To deploy the SolrCloud Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/solrcloud -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-solrcloud zopdev/solrcloud -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the SolrCloud Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-solrcloud -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The SolrCloud Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -| **Input** | **Type** | **Description** | **Default** | -|-------------------------------------------|----------|------------------------------------------------------|-------------| -| `version` | `string` | Version of Solr to deploy. | `"8.11"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by each Solr pod. | `"500m"` | -| `resources.requests.memory` | `string` | Minimum memory resources required by each Solr pod. | `"500Mi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources each Solr pod can use. | `"1000m"` | -| `resources.limits.memory` | `string` | Maximum memory resources each Solr pod can use. | `"1500Mi"` | -| `diskSize` | `string` | Size of the persistent volume for Solr data storage. | `"20Gi"` | -| `solr-operator.version` | `string` | Version of the Solr Operator to deploy. | `"v0.9.0"` | -| `solr-operator.resources.requests.cpu` | `string` | Minimum CPU resources for the Solr Operator. 
| `"100m"` | -| `solr-operator.resources.requests.memory` | `string` | Minimum memory resources for the Solr Operator. | `"128Mi"` | -| `solr-operator.resources.limits.cpu` | `string` | Maximum CPU resources for the Solr Operator. | `"200m"` | -| `solr-operator.resources.limits.memory` | `string` | Maximum memory resources for the Solr Operator. | `"256Mi"` | - ---- - -## Example `values.yaml` - -```yaml -version: "8.11" - -resources: - requests: - cpu: "500m" - memory: "500Mi" - limits: - cpu: "1000m" - memory: "1500Mi" - -diskSize : "20Gi" - -solr-operator: - version : "v0.9.0" - resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "200m" - memory: "256Mi" -``` - ---- - -## Features - -- Deploys a fully configured SolrCloud cluster -- Automatic Zookeeper ensemble management -- Persistent storage for Solr data -- Basic authentication enabled by default -- Pod disruption budget for high availability -- Automatic scaling with pod vacate/populate -- Managed update strategy -- Customizable resource limits and requests -- Automatic Solr Operator deployment - ---- - -## Architecture - -The SolrCloud deployment includes: -- SolrCloud cluster with configurable resources -- Zookeeper ensemble (3 replicas by default) -- Persistent volume claims for data storage -- Pod disruption budget for high availability -- Solr Operator for cluster management -- Basic authentication security -- Configurable update and scaling strategies - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - -This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. 
+# SolrCloud Helm Chart + +This Helm chart deploys Apache SolrCloud on Kubernetes, providing a highly available, distributed search platform. SolrCloud is built on Apache Solr and offers features like distributed indexing, automatic sharding, and fault tolerance. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- kubectl configured to communicate with your cluster +- Solr Operator installed in the cluster (automatically installed as a dependency) + +--- + +## Dependencies + +Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: + +```bash +helm dependency build +``` + +This command will: +1. Read the dependencies from `Chart.yaml` +2. Download the required charts (Solr Operator) from the specified repositories +3. Store them in the `charts/` directory +4. Create or update the `Chart.lock` file with the exact versions + +If you encounter any issues with the dependencies, you can try: +```bash +helm dependency update # Updates dependencies to the latest versions +``` + +This chart requires the following dependencies to be installed: + +### Solr Operator +- **Chart**: `solr-operator` +- **Version**: `0.0.1` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Manages the SolrCloud cluster lifecycle, including scaling, updates, and maintenance operations + +To install this dependency automatically, ensure the following in your `values.yaml`: + +```yaml +solr-operator: + enabled: true + # Additional Solr Operator configuration... +``` + +The dependency will be automatically installed when you deploy the SolrCloud chart. You can customize its configuration through the respective section in your `values.yaml` file. + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). 
+ +--- + +## Install Helm Chart + +To deploy the SolrCloud Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/solrcloud +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-solrcloud zopdev/solrcloud +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the SolrCloud Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-solrcloud +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The SolrCloud Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +| **Input** | **Type** | **Description** | **Default** | +|-------------------------------------------|----------|------------------------------------------------------|-------------| +| `version` | `string` | Version of Solr to deploy. | `"8.11"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by each Solr pod. | `"500m"` | +| `resources.requests.memory` | `string` | Minimum memory resources required by each Solr pod. | `"500Mi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources each Solr pod can use. | `"1000m"` | +| `resources.limits.memory` | `string` | Maximum memory resources each Solr pod can use. | `"1500Mi"` | +| `diskSize` | `string` | Size of the persistent volume for Solr data storage. | `"20Gi"` | +| `solr-operator.version` | `string` | Version of the Solr Operator to deploy. | `"v0.9.0"` | +| `solr-operator.resources.requests.cpu` | `string` | Minimum CPU resources for the Solr Operator. 
| `"100m"` | +| `solr-operator.resources.requests.memory` | `string` | Minimum memory resources for the Solr Operator. | `"128Mi"` | +| `solr-operator.resources.limits.cpu` | `string` | Maximum CPU resources for the Solr Operator. | `"200m"` | +| `solr-operator.resources.limits.memory` | `string` | Maximum memory resources for the Solr Operator. | `"256Mi"` | + +--- + +## Example `values.yaml` + +```yaml +version: "8.11" + +resources: + requests: + cpu: "500m" + memory: "500Mi" + limits: + cpu: "1000m" + memory: "1500Mi" + +diskSize : "20Gi" + +solr-operator: + version : "v0.9.0" + resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "200m" + memory: "256Mi" +``` + +--- + +## Features + +- Deploys a fully configured SolrCloud cluster +- Automatic Zookeeper ensemble management +- Persistent storage for Solr data +- Basic authentication enabled by default +- Pod disruption budget for high availability +- Automatic scaling with pod vacate/populate +- Managed update strategy +- Customizable resource limits and requests +- Automatic Solr Operator deployment + +--- + +## Architecture + +The SolrCloud deployment includes: +- SolrCloud cluster with configurable resources +- Zookeeper ensemble (3 replicas by default) +- Persistent volume claims for data storage +- Pod disruption budget for high availability +- Solr Operator for cluster management +- Basic authentication security +- Configurable update and scaling strategies + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. 
diff --git a/charts/solrcloud/templates/_custom_option_helpers.tpl b/charts/solrcloud/templates/_custom_option_helpers.tpl index b7dd3b5e..1acdf2a9 100644 --- a/charts/solrcloud/templates/_custom_option_helpers.tpl +++ b/charts/solrcloud/templates/_custom_option_helpers.tpl @@ -1,33 +1,33 @@ -{{- define "solr.custom-kube-options.pod.filler" -}} -{{- if .Values.resources -}} -resources: - {{- toYaml .Values.resources | nindent 2 }} -{{ end }} -{{- end -}} - -{{- define "solr.custom-kube-options.stateful-set.filler" }} -{{- end -}} - -{{- define "solr.custom-kube-options.filler" -}} -{{- with (include "solr.custom-kube-options.pod.filler" .) -}} -{{- if . -}} -podOptions: - {{- . | nindent 2 -}} -{{ end }} -{{ end }} -{{- with (include "solr.custom-kube-options.stateful-set.filler" .) -}} -{{- if . -}} -statefulSetOptions: - {{- . | nindent 2 -}} -{{ end }} -{{ end }} -{{- end -}} - -{{- define "solr.custom-kube-options" -}} -{{- with (include "solr.custom-kube-options.filler" .) -}} -{{- if . -}} -customSolrKubeOptions: - {{- . | nindent 2 -}} -{{ end }} -{{ end }} +{{- define "solr.custom-kube-options.pod.filler" -}} +{{- if .Values.resources -}} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{ end }} +{{- end -}} + +{{- define "solr.custom-kube-options.stateful-set.filler" }} +{{- end -}} + +{{- define "solr.custom-kube-options.filler" -}} +{{- with (include "solr.custom-kube-options.pod.filler" .) -}} +{{- if . -}} +podOptions: + {{- . | nindent 2 -}} +{{ end }} +{{ end }} +{{- with (include "solr.custom-kube-options.stateful-set.filler" .) -}} +{{- if . -}} +statefulSetOptions: + {{- . | nindent 2 -}} +{{ end }} +{{ end }} +{{- end -}} + +{{- define "solr.custom-kube-options" -}} +{{- with (include "solr.custom-kube-options.filler" .) -}} +{{- if . -}} +customSolrKubeOptions: + {{- . | nindent 2 -}} +{{ end }} +{{ end }} {{- end -}} \ No newline at end of file 
diff --git a/charts/solrcloud/templates/_helpers.tpl b/charts/solrcloud/templates/_helpers.tpl index 7d3a1ae6..82692f56 100644 --- a/charts/solrcloud/templates/_helpers.tpl +++ b/charts/solrcloud/templates/_helpers.tpl @@ -1,26 +1,26 @@ -{{- define "solr.name" -}} -{{- default .Chart.Name | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "solr.fullname" -}} -{{- printf "%s-solrcloud" .Release.Name | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "solr.fullname-no-suffix" -}} -{{ include "solr.fullname" . | trimSuffix "-solrcloud" | trimSuffix "-solr" }} -{{- end }} - -{{- define "solr.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "solr.labels" -}} -helm.sh/chart: {{ include "solr.chart" . }} -{{ include "solr.selectorLabels" . }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} - -{{- define "solr.selectorLabels" -}} -app.kubernetes.io/name: {{ include "solr.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- define "solr.name" -}} +{{- default .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "solr.fullname" -}} +{{- printf "%s-solrcloud" .Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "solr.fullname-no-suffix" -}} +{{ include "solr.fullname" . | trimSuffix "-solrcloud" | trimSuffix "-solr" }} +{{- end }} + +{{- define "solr.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "solr.labels" -}} +helm.sh/chart: {{ include "solr.chart" . }} +{{ include "solr.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + +{{- define "solr.selectorLabels" -}} +app.kubernetes.io/name: {{ include "solr.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} \ No newline at end of file 
diff --git a/charts/solrcloud/templates/alerts.yaml b/charts/solrcloud/templates/alerts.yaml index 687a66fe..377c74d0 100644 --- a/charts/solrcloud/templates/alerts.yaml +++ b/charts/solrcloud/templates/alerts.yaml 
@@ -1,141 +1,141 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - generation: 1 - labels: - app: kube-prometheus-stack - heritage: Helm - release: prometheus -spec: - groups: - - name: {{ .Release.Namespace }}.{{ .Release.Name }}-solr.rules - rules: - - alert: SolrDown - expr: solr_ping{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} == 0 - for: 1m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'All Solrcloud instances of {{ .Release.Name }} are down' - description: 'Solrcloud instance of {{ .Release.Name }} are down' - - - alert: ZooKeeperDown - expr: solr_zookeeper_status{namespace="{{ .Release.Namespace }}"} == 0 - for: 1m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'ZooKeeper ensemble for Solrcloud {{ .Release.Name }} is down' - description: 'ZooKeeper ensemble health check failed for Solr cluster {{ .Release.Name }}' - - - alert: SolrHighQueryLatency - expr: | - avg(solr_metrics_core_query_local_p95_ms{ - namespace="{{ .Release.Namespace }}", - instance=~"{{ .Release.Name }}-solr-.*", - searchHandler="/select" - }) > 500 - for: 5m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solrcloud {{ .Release.Name }} high query latency' - description: 'Solrcloud p95 query latency is >500ms for 5 minutes' - - - alert: SolrLowCacheHitRatio - expr: | - avg(solr_metrics_core_searcher_cache_ratio{ - namespace="{{ .Release.Namespace }}", - instance=~"{{ .Release.Name }}-solr-.*", - type="queryResultCache", - item="hitratio" - }) < 0.7 - for: 10m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ 
.Values.name }} - annotations: - summary: 'Solrcloud {{ .Release.Name }} low cache hit ratio' - description: 'Query result cache hit ratio is below 70% for 10 minutes' - - - alert: SolrHighHeapUsage - expr: | - avg(solr_metrics_jvm_memory_heap_bytes{ - namespace="{{ .Release.Namespace }}", - instance=~"{{ .Release.Name }}-solr-.*", - item="used" - } / - solr_metrics_jvm_memory_heap_bytes{ - namespace="{{ .Release.Namespace }}", - instance=~"{{ .Release.Name }}-solr-.*", - item="max" - }) > 0.85 - for: 5m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solrcloud {{ .Release.Name }} high JVM heap usage' - description: 'JVM heap usage is above 85% for 5 minutes' - - - alert: SolrReplicaNotActive - expr: solr_collections_replica_state{namespace="{{ .Release.Namespace }}", state!="active"} == 1 - for: 5m - labels: - severity: critical - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solrcloud replica {{ .Release.Name }} is not active' - description: 'Solrcloud replica in collection {{ .Release.Name }} has been inactive for 5 minutes' - - - alert: SolrHighGC - expr: | - rate(solr_metrics_jvm_gc_seconds_total{ - namespace="{{ .Release.Namespace }}", - instance=~"{{ .Release.Name }}-solr-.*" - }[5m]) > 5 - for: 10m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace }} - service: {{ .Values.name }} - annotations: - summary: 'Solrcloud {{ .Release.Name }} high GC activity' - description: 'JVM garbage collection is taking more than 5 seconds per minute' - - - alert: SolrHighHTTPErrors - expr: | - sum by (instance) ( - rate(solr_metrics_jetty_response_total{ - namespace="{{ .Release.Namespace }}", - instance=~"{{ .Release.Name }}-solr-.*", - status=~"4xx|5xx" - }[5m]) - ) > 10 - for: 5m - labels: - severity: warning - servicealert: "true" - namespace: {{ .Release.Namespace 
}} - service: {{ .Values.name }} - annotations: - summary: 'Solrcloud {{ .Release.Name }} high HTTP error rate' +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + generation: 1 + labels: + app: kube-prometheus-stack + heritage: Helm + release: prometheus +spec: + groups: + - name: {{ .Release.Namespace }}.{{ .Release.Name }}-solr.rules + rules: + - alert: SolrDown + expr: solr_ping{namespace="{{ .Release.Namespace }}", instance=~"{{ .Release.Name }}-solr-.*"} == 0 + for: 1m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'All Solrcloud instances of {{ .Release.Name }} are down' + description: 'Solrcloud instance of {{ .Release.Name }} are down' + + - alert: ZooKeeperDown + expr: solr_zookeeper_status{namespace="{{ .Release.Namespace }}"} == 0 + for: 1m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'ZooKeeper ensemble for Solrcloud {{ .Release.Name }} is down' + description: 'ZooKeeper ensemble health check failed for Solr cluster {{ .Release.Name }}' + + - alert: SolrHighQueryLatency + expr: | + avg(solr_metrics_core_query_local_p95_ms{ + namespace="{{ .Release.Namespace }}", + instance=~"{{ .Release.Name }}-solr-.*", + searchHandler="/select" + }) > 500 + for: 5m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solrcloud {{ .Release.Name }} high query latency' + description: 'Solrcloud p95 query latency is >500ms for 5 minutes' + + - alert: SolrLowCacheHitRatio + expr: | + avg(solr_metrics_core_searcher_cache_ratio{ + namespace="{{ .Release.Namespace }}", + instance=~"{{ .Release.Name }}-solr-.*", + type="queryResultCache", + item="hitratio" + }) < 0.7 + for: 10m + labels: + 
severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solrcloud {{ .Release.Name }} low cache hit ratio' + description: 'Query result cache hit ratio is below 70% for 10 minutes' + + - alert: SolrHighHeapUsage + expr: | + avg(solr_metrics_jvm_memory_heap_bytes{ + namespace="{{ .Release.Namespace }}", + instance=~"{{ .Release.Name }}-solr-.*", + item="used" + } / + solr_metrics_jvm_memory_heap_bytes{ + namespace="{{ .Release.Namespace }}", + instance=~"{{ .Release.Name }}-solr-.*", + item="max" + }) > 0.85 + for: 5m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solrcloud {{ .Release.Name }} high JVM heap usage' + description: 'JVM heap usage is above 85% for 5 minutes' + + - alert: SolrReplicaNotActive + expr: solr_collections_replica_state{namespace="{{ .Release.Namespace }}", state!="active"} == 1 + for: 5m + labels: + severity: critical + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solrcloud replica {{ .Release.Name }} is not active' + description: 'Solrcloud replica in collection {{ .Release.Name }} has been inactive for 5 minutes' + + - alert: SolrHighGC + expr: | + rate(solr_metrics_jvm_gc_seconds_total{ + namespace="{{ .Release.Namespace }}", + instance=~"{{ .Release.Name }}-solr-.*" + }[5m]) > 5 + for: 10m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solrcloud {{ .Release.Name }} high GC activity' + description: 'JVM garbage collection is taking more than 5 seconds per minute' + + - alert: SolrHighHTTPErrors + expr: | + sum by (instance) ( + rate(solr_metrics_jetty_response_total{ + namespace="{{ .Release.Namespace }}", + instance=~"{{ .Release.Name }}-solr-.*", + status=~"4xx|5xx" + }[5m]) + ) > 10 + for: 
5m + labels: + severity: warning + servicealert: "true" + namespace: {{ .Release.Namespace }} + service: {{ .Values.name }} + annotations: + summary: 'Solrcloud {{ .Release.Name }} high HTTP error rate' description: 'HTTP 4xx/5xx error rate is >10 per minute for 5 minutes' \ No newline at end of file diff --git a/charts/solrcloud/templates/configmap.yaml b/charts/solrcloud/templates/configmap.yaml index 68248fc0..49abff4e 100644 --- a/charts/solrcloud/templates/configmap.yaml +++ b/charts/solrcloud/templates/configmap.yaml @@ -1,9 +1,9 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $.Release.Name }}-solrcloud-auth-configmap - namespace: {{ $.Release.Namespace }} -data: - SOLR_HOST: {{ $.Release.Name }}-solrcloud-headless - SOLR_PORT: "8983" +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $.Release.Name }}-solrcloud-auth-configmap + namespace: {{ $.Release.Namespace }} +data: + SOLR_HOST: {{ $.Release.Name }}-solrcloud-headless + SOLR_PORT: "8983" SOLR_USER: "admin" \ No newline at end of file diff --git a/charts/solrcloud/templates/get-password-admin.yaml b/charts/solrcloud/templates/get-password-admin.yaml index 65cd912f..a3ddbb29 100644 --- a/charts/solrcloud/templates/get-password-admin.yaml +++ b/charts/solrcloud/templates/get-password-admin.yaml 
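Review bot: Two thresholds in the alerts.yaml rules do not match their descriptions, which weakens them as detection signals. `SolrHighHTTPErrors` compares `rate(...[5m])`, a per-second value, with `10` while its description says ">10 per minute", and `SolrHighGC` requires more than 5 seconds of GC per second of wall time although the text says "per minute", so it is unlikely to fire. Either scale the expressions (`rate(...[5m]) * 60 > 10`) or reword the descriptions to per-second terms. Every rule also sets `service: {{ .Values.name }}`; the example values shown for this chart define no `name`, so the label presumably renders empty, and `{{ .Release.Name }}` may be what was meant.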
@@ -1,39 +1,39 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-get-password - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - spec: - serviceAccountName: {{ .Release.Name }}-manager-sa - restartPolicy: Never - containers: - - name: kubectl - image: bitnami/kubectl - command: - - /bin/sh - - -c - - | - # Wait for source secret to be available - echo "Waiting for source secret to be available..." - until kubectl get secret {{ .Release.Name }}-solrcloud-security-bootstrap -n {{ .Release.Namespace }}; do - sleep 10 - done - - # Get password from source secret - PASSWORD=$(kubectl get secret {{ .Release.Name }}-solrcloud-security-bootstrap -n {{ .Release.Namespace }} -o jsonpath='{.data.admin}' | base64 --decode) - - # Create or patch destination secret - echo "Creating/updating destination secret with password from source..." - kubectl create secret generic {{ .Release.Name }}-solrcloud-auth-secret \ - -n {{ .Release.Namespace }} \ - --from-literal=SOLR_PASSWORD="$PASSWORD" \ - --type=Opaque \ - --dry-run=client -o yaml | kubectl apply -f - - +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-get-password + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + serviceAccountName: {{ .Release.Name }}-manager-sa + restartPolicy: Never + containers: + - name: kubectl + image: bitnami/kubectl + command: + - /bin/sh + - -c + - | + # Wait for source secret to be available + echo "Waiting for source secret to be available..." 
+ until kubectl get secret {{ .Release.Name }}-solrcloud-security-bootstrap -n {{ .Release.Namespace }}; do + sleep 10 + done + + # Get password from source secret + PASSWORD=$(kubectl get secret {{ .Release.Name }}-solrcloud-security-bootstrap -n {{ .Release.Namespace }} -o jsonpath='{.data.admin}' | base64 --decode) + + # Create or patch destination secret + echo "Creating/updating destination secret with password from source..." + kubectl create secret generic {{ .Release.Name }}-solrcloud-auth-secret \ + -n {{ .Release.Namespace }} \ + --from-literal=SOLR_PASSWORD="$PASSWORD" \ + --type=Opaque \ + --dry-run=client -o yaml | kubectl apply -f - + echo "Password successfully copied!" \ No newline at end of file diff --git a/charts/solrcloud/templates/metricsService.yaml b/charts/solrcloud/templates/metricsService.yaml index e4cf53fe..b91bfa55 100644 --- a/charts/solrcloud/templates/metricsService.yaml +++ b/charts/solrcloud/templates/metricsService.yaml 
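Review bot: `image: bitnami/kubectl` in the `kubectl` container has no tag or digest, so the hook runs whatever the registry serves as the default tag at install time. That image runs under `{{ .Release.Name }}-manager-sa` and handles the decoded Solr admin password. Pin it, for example `image: bitnami/kubectl:1.33.2` as the pre-delete Job in this chart already does, or by digest. The `until kubectl get secret …` wait is also unbounded, so a bootstrap secret that never appears leaves the Job polling forever; `activeDeadlineSeconds` on the Job spec would make it fail visibly. The removed side carries the same lines, so both points predate this commit.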
@@ -1,25 +1,25 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-solr-metrics-2121
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/managed-by: Helm
- service-type: metrics
- solr-prometheus-exporter: {{ .Release.Name }}-prom-exporter
- annotations:
- cloud.google.com/neg: '{"ingress":true}'
- prometheus.io/path: /metrics
- prometheus.io/scheme: http
- prometheus.io/scrape: 'true'
-spec:
- type: ClusterIP
- ports:
- - name: solr-metrics
- protocol: TCP
- appProtocol: http
- port: 2121
- targetPort: 8080
- selector:
- solr-prometheus-exporter: {{ .Release.Name }}-prom-exporter
- technology: solr-prometheus-exporter
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-solr-metrics-2121
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: Helm
+ service-type: metrics
+ solr-prometheus-exporter: {{ .Release.Name }}-prom-exporter
+ annotations:
+ cloud.google.com/neg: '{"ingress":true}'
+ prometheus.io/path: /metrics
+ prometheus.io/scheme: http
+ prometheus.io/scrape: 'true'
+spec:
+ type: ClusterIP
+ ports:
+ - name: solr-metrics
+ protocol: TCP
+ appProtocol: http
+ port: 2121
+ targetPort: 8080
+ selector:
+ solr-prometheus-exporter: {{ .Release.Name }}-prom-exporter
+ technology: solr-prometheus-exporter
diff --git a/charts/solrcloud/templates/pre-delete-zk-cleanup.yaml b/charts/solrcloud/templates/pre-delete-zk-cleanup.yaml
index ee1ffaa9..15ba8126 100644
--- a/charts/solrcloud/templates/pre-delete-zk-cleanup.yaml
+++ b/charts/solrcloud/templates/pre-delete-zk-cleanup.yaml
@@ -1,71 +1,71 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-manager-sa - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-manager-clusterrole -rules: - - apiGroups: ["zookeeper.pravega.io"] - resources: ["zookeeperclusters"] - verbs: ["get", "list", "delete", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-manager-clusterrolebinding -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-manager-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }}-manager-clusterrole - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Release.Name }}-zk-predelete" - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ .Chart.Name }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - spec: - serviceAccountName: {{ .Release.Name }}-manager-sa - restartPolicy: Never - containers: - - name: cleanup-zookeeper - image: bitnami/kubectl:1.33.2 - command: - - /bin/bash - - -c - - | - echo "Deleting ZookeeperClusters in {{ .Release.Namespace }}..." - kubectl delete -f https://archive.apache.org/dist/solr/solr-operator/{{ index .Values "solr-operator" "version" }}/crds/zookeeperclusters.yaml -n {{ .Release.Namespace }} || true - kubectl delete secret {{ .Release.Name }}-solrcloud-auth-secret -n {{ .Release.Namespace }} || true - - echo "Waiting for ZookeeperCluster to terminate..." 
- for i in {1..30}; do - count=$(kubectl get zookeepercluster -n {{ .Release.Namespace }} --no-headers 2>/dev/null | grep -c "solrclouds-solrcloud-zookeeper" || true) - if [ "$count" -eq 0 ]; then - echo "ZookeeperCluster deleted" - break - fi - echo "Still waiting..." - sleep 5 - done +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-manager-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-manager-clusterrole +rules: + - apiGroups: ["zookeeper.pravega.io"] + resources: ["zookeeperclusters"] + verbs: ["get", "list", "delete", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update", "patch", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }}-manager-clusterrolebinding +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-manager-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-manager-clusterrole + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ .Release.Name }}-zk-predelete" + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + serviceAccountName: {{ .Release.Name }}-manager-sa + restartPolicy: Never + containers: + - name: cleanup-zookeeper + image: bitnami/kubectl:1.33.2 + command: + - /bin/bash + - -c + - | + echo "Deleting ZookeeperClusters in {{ .Release.Namespace }}..." 
+ kubectl delete -f https://archive.apache.org/dist/solr/solr-operator/{{ index .Values "solr-operator" "version" }}/crds/zookeeperclusters.yaml -n {{ .Release.Namespace }} || true + kubectl delete secret {{ .Release.Name }}-solrcloud-auth-secret -n {{ .Release.Namespace }} || true + + echo "Waiting for ZookeeperCluster to terminate..." + for i in {1..30}; do + count=$(kubectl get zookeepercluster -n {{ .Release.Namespace }} --no-headers 2>/dev/null | grep -c "solrclouds-solrcloud-zookeeper" || true) + if [ "$count" -eq 0 ]; then + echo "ZookeeperCluster deleted" + break + fi + echo "Still waiting..." + sleep 5 + done diff --git a/charts/solrcloud/templates/serviceMonitor.yaml b/charts/solrcloud/templates/serviceMonitor.yaml index 954b8fab..cf1dbb40 100644 --- a/charts/solrcloud/templates/serviceMonitor.yaml +++ b/charts/solrcloud/templates/serviceMonitor.yaml @@ -1,19 +1,19 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ .Release.Name }}-solr-metrics - labels: - app: {{ .Release.Name }}-solr-metrics - release: prometheus -spec: - selector: - matchLabels: - solr-prometheus-exporter: {{ .Release.Name }}-prom-exporter - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: solr-metrics - interval: 10s - path: /metrics - scheme: http +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-solr-metrics + labels: + app: {{ .Release.Name }}-solr-metrics + release: prometheus +spec: + selector: + matchLabels: + solr-prometheus-exporter: {{ .Release.Name }}-prom-exporter + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: solr-metrics + interval: 10s + path: /metrics + scheme: http diff --git a/charts/solrcloud/templates/solr-metrics.yaml b/charts/solrcloud/templates/solr-metrics.yaml index 7457f2c5..011f41fd 100644 --- a/charts/solrcloud/templates/solr-metrics.yaml +++ b/charts/solrcloud/templates/solr-metrics.yaml 
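Review bot: The `secrets` rule in `{{ .Release.Name }}-manager-clusterrole` is bound through a ClusterRoleBinding, so the `manager-sa` token mounted into both hook Jobs can get, create, update, patch and delete Secrets in every namespace. The scripts on this page only touch secrets in `{{ .Release.Namespace }}`, so that rule fits a namespaced Role and RoleBinding, leaving only the rules that need cluster scope in the ClusterRole; this limits what a compromised hook pod can read. Separately, `kubectl delete -f …/crds/zookeeperclusters.yaml` looks from its path like it deletes the CRD definition itself rather than this release's ZookeeperCluster objects. If so, the effect would be cluster-wide despite the `-n` flag, which is worth confirming. The same lines appear on the removed side, so this predates the commit.

```yaml
# … unchanged: ServiceAccount; ClusterRole minus the secrets rule …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ .Release.Name }}-manager-role
  namespace: {{ .Release.Namespace }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ .Release.Name }}-manager-rolebinding
  namespace: {{ .Release.Namespace }}
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-manager-sa
    namespace: {{ .Release.Namespace }}
roleRef:
  kind: Role
  name: {{ .Release.Name }}-manager-role
  apiGroup: rbac.authorization.k8s.io
# … unchanged: ClusterRoleBinding, pre-delete Job …
```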
@@ -1,17 +1,17 @@
-apiVersion: solr.apache.org/v1beta1
-kind: SolrPrometheusExporter
-metadata:
- name: {{ .Release.Name }}-prom-exporter
- namespace: {{ .Release.Namespace }}
-spec:
- customKubeOptions:
- podOptions:
- resources:
- requests:
- cpu: 300m
- memory: 900Mi
- solrReference:
- basicAuthSecret: {{ .Release.Name }}-solrcloud-basic-auth
- cloud:
- name: {{ .Release.Name }}
- numThreads: 6
+apiVersion: solr.apache.org/v1beta1
+kind: SolrPrometheusExporter
+metadata:
+ name: {{ .Release.Name }}-prom-exporter
+ namespace: {{ .Release.Namespace }}
+spec:
+ customKubeOptions:
+ podOptions:
+ resources:
+ requests:
+ cpu: 300m
+ memory: 900Mi
+ solrReference:
+ basicAuthSecret: {{ .Release.Name }}-solrcloud-basic-auth
+ cloud:
+ name: {{ .Release.Name }}
+ numThreads: 6
diff --git a/charts/solrcloud/templates/solrcloud.yaml b/charts/solrcloud/templates/solrcloud.yaml
index 3645b487..a31bcfab 100644
--- a/charts/solrcloud/templates/solrcloud.yaml
+++ b/charts/solrcloud/templates/solrcloud.yaml
@@ -1,40 +1,40 @@
-apiVersion: solr.apache.org/v1beta1
-kind: SolrCloud
-metadata:
- name: {{ include "solr.fullname-no-suffix" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "solr.labels" . | nindent 4 }}
-spec:
- solrImage:
- repository: solr
- tag: {{ .Values.version | quote}}
- solrSecurity:
- authenticationType: Basic
- solrAddressability:
- podPort: 8983
- updateStrategy:
- method: "Managed"
- availability:
- podDisruptionBudget:
- enabled: true
- method: ClusterWide
- scaling:
- vacatePodsOnScaleDown: true
- populatePodsOnScaleUp: true
- dataStorage:
- persistent:
- reclaimPolicy: "Retain"
- pvcTemplate:
- metadata:
- name: {{ include "solr.fullname-no-suffix" . }}-pvc
- spec:
- resources:
- requests:
- storage: {{ .Values.diskSize | quote }}
- {{- include "solr.custom-kube-options" . | nindent 2 -}}
- zookeeperRef:
- provided:
- chroot: "/"
- replicas: 3
- maxUnavailableReplicas: 1
+apiVersion: solr.apache.org/v1beta1
+kind: SolrCloud
+metadata:
+ name: {{ include "solr.fullname-no-suffix" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "solr.labels" . | nindent 4 }}
+spec:
+ solrImage:
+ repository: solr
+ tag: {{ .Values.version | quote}}
+ solrSecurity:
+ authenticationType: Basic
+ solrAddressability:
+ podPort: 8983
+ updateStrategy:
+ method: "Managed"
+ availability:
+ podDisruptionBudget:
+ enabled: true
+ method: ClusterWide
+ scaling:
+ vacatePodsOnScaleDown: true
+ populatePodsOnScaleUp: true
+ dataStorage:
+ persistent:
+ reclaimPolicy: "Retain"
+ pvcTemplate:
+ metadata:
+ name: {{ include "solr.fullname-no-suffix" . }}-pvc
+ spec:
+ resources:
+ requests:
+ storage: {{ .Values.diskSize | quote }}
+ {{- include "solr.custom-kube-options" . | nindent 2 -}}
+ zookeeperRef:
+ provided:
+ chroot: "/"
+ replicas: 3
+ maxUnavailableReplicas: 1
diff --git a/charts/solrcloud/values.schema.json b/charts/solrcloud/values.schema.json
index 634a2548..2f14b8ee 100644
--- a/charts/solrcloud/values.schema.json
+++ b/charts/solrcloud/values.schema.json 
@@ -1,109 +1,109 @@
-{
- "$schema": "https://json-schema.org/draft-07/schema#",
- "type": "object",
- "properties": {
- "version": {
- "type": "string",
- "default": "8.11",
- "mutable": true
- },
- "resources": {
- "type": "object",
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "default": "500m",
- "mutable": true
- },
- "memory": {
- "type": "string",
- "default": "500Mi",
- "mutable": true
- }
- }
- },
- "limits": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "default": "1000m",
- "mutable": true
- },
- "memory": {
- "type": "string",
- "default": "1500Mi",
- "mutable": true
- }
- }
- }
- }
- },
- "diskSize": {
- "type": "string",
- "default": "20Gi",
- "mutable": true,
- "editDisabled": true
- },
- "solr-operator": {
- "type": "object",
- "properties": {
- "version": {
- "type": "string",
- "default": "v0.9.0",
- "mutable": true
- },
- "resources": {
- "type": "object",
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "default": "100m",
- "mutable": true
- },
- "memory": {
- "type": "string",
- "default": "128Mi",
- "mutable": true
- }
- }
- },
- "limits": {
- "type": "object",
- "properties": {
- "cpu": {
- "type": "string",
- "default": "200m",
- "mutable": true
- },
- "memory": {
- "type": "string",
- "default": "256Mi",
- "mutable": true
- }
- }
- }
- }
- }
- }
- },
- "services": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string"
- }
- },
- "required": ["name"]
- }
- }
- }
+{
+ "$schema": "https://json-schema.org/draft-07/schema#",
+ "type": "object",
+ "properties": {
+ "version": {
+ "type": "string",
+ "default": "8.11",
+ "mutable": true
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "default": "500m",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "default": "500Mi",
+ "mutable": true
+ }
+ }
+ },
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "default": "1000m",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "default": "1500Mi",
+ "mutable": true
+ }
+ }
+ }
+ }
+ },
+ "diskSize": {
+ "type": "string",
+ "default": "20Gi",
+ "mutable": true,
+ "editDisabled": true
+ },
+ "solr-operator": {
+ "type": "object",
+ "properties": {
+ "version": {
+ "type": "string",
+ "default": "v0.9.0",
+ "mutable": true
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "default": "100m",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "default": "128Mi",
+ "mutable": true
+ }
+ }
+ },
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "default": "200m",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "default": "256Mi",
+ "mutable": true
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "services": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ },
+ "required": ["name"]
+ }
+ }
+ }
 }
\ No newline at end of file
diff --git a/charts/solrcloud/values.yaml b/charts/solrcloud/values.yaml
index 0b1a208c..ff8e437e 100644
--- a/charts/solrcloud/values.yaml
+++ b/charts/solrcloud/values.yaml
@@ -1,21 +1,21 @@
-version: "8.11"
-
-resources:
- requests:
- cpu: "500m"
- memory: "500Mi"
- limits:
- cpu: "1000m"
- memory: "1500Mi"
-
-diskSize : "20Gi"
-
-solr-operator:
- version : "v0.9.0"
- resources:
- requests:
- cpu: "100m"
- memory: "128Mi"
- limits:
- cpu: "200m"
+version: "8.11"
+
+resources:
+ requests:
+ cpu: "500m"
+ memory: "500Mi"
+ limits:
+ cpu: "1000m"
+ memory: "1500Mi"
+
+diskSize : "20Gi"
+
+solr-operator:
+ version : "v0.9.0"
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "128Mi"
+ limits:
+ cpu: "200m"
 memory: "256Mi"
\ No newline at end of file
diff --git a/charts/superset/Chart.lock b/charts/superset/Chart.lock index d94911df..834a17ba 100644 --- a/charts/superset/Chart.lock +++ b/charts/superset/Chart.lock @@ -1,9 +1,9 @@ -dependencies: -- name: postgres - repository: https://helm.zop.dev - version: v0.0.6 -- name: redis - repository: https://helm.zop.dev - version: v0.0.1 -digest: sha256:6b796c78768fdbc7da79de8f150d549203027c233686329367bf8058d24291b0 -generated: "2025-04-14T16:48:01.756142+05:30" +dependencies: +- name: postgres + repository: https://helm.zop.dev + version: v0.0.6 +- name: redis + repository: https://helm.zop.dev + version: v0.0.1 +digest: sha256:6b796c78768fdbc7da79de8f150d549203027c233686329367bf8058d24291b0 +generated: "2025-04-14T16:48:01.756142+05:30" diff --git a/charts/superset/Chart.yaml b/charts/superset/Chart.yaml index d634358a..3303cbc8 100644 --- a/charts/superset/Chart.yaml +++ b/charts/superset/Chart.yaml 
@@ -1,21 +1,21 @@
-apiVersion: v2
-appVersion: "1.0"
-description: Helm chart for Deploying Apache Superset
-name: superset
-version: 0.0.5
-type: application
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png"
-maintainers:
- - name: ZopDev
- url: zop.dev
-dependencies:
- - condition: postgres.enabled
- name: postgres
- version: 0.0.6
- repository: https://helm.zop.dev
- - condition: redis.enabled
- name: redis
- version: 0.0.1
- repository: https://helm.zop.dev
-annotations:
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for Deploying Apache Superset
+name: superset
+version: 0.0.5
+type: application
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png"
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+dependencies:
+ - condition: postgres.enabled
+ name: postgres
+ version: 0.0.6
+ repository: https://helm.zop.dev
+ - condition: redis.enabled
+ name: redis
+ version: 0.0.1
+ repository: https://helm.zop.dev
+annotations:
 type: application
\ No newline at end of file
diff --git a/charts/superset/README.md b/charts/superset/README.md
index 21e92654..e3f468be 100644
--- a/charts/superset/README.md
+++ b/charts/superset/README.md
@@ -1,301 +1,301 @@ -# Apache Superset Helm Chart - -This Helm chart deploys Apache Superset on Kubernetes, providing a modern, enterprise-ready business intelligence web application. Superset enables users to create and share interactive dashboards, perform data exploration, and visualize data through a rich set of charts and graphs. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ -- kubectl configured to communicate with your cluster -- PostgreSQL database (automatically installed as a dependency) -- Redis instance (automatically installed as a dependency) - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Dependencies - -Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: - -```bash -helm dependency build -``` - -This command will: -1. Read the dependencies from `Chart.yaml` -2. Download the required charts (PostgreSQL and Redis) from the specified repositories -3. Store them in the `charts/` directory -4. 
Create or update the `Chart.lock` file with the exact versions - -If you encounter any issues with the dependencies, you can try: -```bash -helm dependency update # Updates dependencies to the latest versions -``` - -This chart requires the following dependencies to be installed: - -### PostgreSQL -- **Condition**: `postgres.enabled` -- **Chart**: `postgres` -- **Version**: `0.0.6` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Provides the primary database for Superset metadata storage - -### Redis -- **Condition**: `redis.enabled` -- **Chart**: `redis` -- **Version**: `0.0.1` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Used for caching and as a message broker for Celery tasks - -To install these dependencies automatically, ensure the following in your `values.yaml`: - -```yaml -postgres: - enabled: true - # Additional PostgreSQL configuration... - -redis: - enabled: true - # Additional Redis configuration... -``` - -The dependencies will be automatically installed when you deploy the Superset chart. You can customize their configuration through the respective sections in your `values.yaml` file. - - -## Install Helm Chart - -To deploy the Superset Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/superset -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-superset zopdev/superset -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the Superset Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-superset -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. 
- ---- - -## Configuration - -The Superset Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -### Service Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `service.nginx.host` | `string` | Hostname for the Superset service. | `""` | -| `service.nginx.tlshost` | `string` | TLS hostname for HTTPS access. | `""` | -| `service.nginx.tlsSecretname`| `string` | Name of the TLS secret for HTTPS. | `""` | - -### Resource Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `resources.requests.cpu` | `string` | Minimum CPU resources required. | `"250m"` | -| `resources.requests.memory` | `string` | Minimum memory resources required. | `"250Mi"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources allowed. | `"500m"` | -| `resources.limits.memory` | `string` | Maximum memory resources allowed. | `"500Mi"` | - -### Superset Node Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `supersetNode.connections.redis_host` | `string` | Redis host address. | `"{{ .Release.Name }}-redis-headless-service"` | -| `supersetNode.connections.redis_port` | `string` | Redis port number. | `"6379"` | -| `supersetNode.connections.db_host` | `string` | PostgreSQL host address. | `"{{ .Release.Name }}-postgres"` | -| `supersetNode.connections.db_port` | `string` | PostgreSQL port number. 
| `"5432"` | -| `supersetNode.connections.db_user` | `string` | PostgreSQL username. | `"superset_user"` | -| `supersetNode.connections.db_pass` | `string` | PostgreSQL password. | `"superset"` | -| `supersetNode.connections.db_name` | `string` | PostgreSQL database name. | `"superset"` | - -### Initialization Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `init.createAdmin` | `boolean` | Whether to create an admin user. | `true` | -| `init.adminUser.username` | `string` | Admin username. | `"admin"` | -| `init.adminUser.firstname` | `string` | Admin first name. | `"Superset"` | -| `init.adminUser.lastname` | `string` | Admin last name. | `"Admin"` | -| `init.adminUser.email` | `string` | Admin email address. | `"admin@superset.com"` | -| `init.adminUser.password` | `string` | Admin password. | `"admin"` | - -### Celery Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `supersetCeleryBeat.enabled` | `boolean` | Whether to enable Celery Beat. | `false` | -| `supersetCeleryFlower.enabled` | `boolean` | Whether to enable Celery Flower. 
| `false` | - ---- - -## Example `values.yaml` - -```yaml -service: - nginx: - host : - tlshost : - tlsSecretname : - -resources: - requests: - cpu: 250m - memory: 250Mi - limits: - cpu: 500m - memory: 500Mi - -# SuperSet Configs -supersetNode: - connections: - # Redis Configs - redis_host: "{{ .Release.Name }}-redis-headless-service" - redis_port: "6379" - redis_user: "" - redis_cache_db: "1" - redis_celery_db: "0" - redis_ssl: - enabled: false - ssl_cert_reqs: CERT_NONE - - # Postgresql Configs - db_host: "{{ .Release.Name }}-postgres" - db_port: "5432" - db_user: superset_user - db_pass: superset - db_name: superset - - # Feature flags configuration - featureFlags: {} - - # Additional Superset configurations - config: {} - -supersetCeleryBeat: - enabled: false - -supersetCeleryFlower: - enabled: false - -init: - createAdmin: true - adminUser: - username: admin - firstname: Superset - lastname: Admin - email: admin@superset.com - password: admin - -postgres: - enabled: true - postgresRootPassword: "superset" - services: - - name : superset - password : superset - database : superset - -redis: - enabled: true -``` - ---- - -## Features - -- Deploys Apache Superset with all dependencies -- Automatic PostgreSQL database setup -- Redis integration for caching and task queue -- Configurable resource limits and requests -- Automatic admin user creation -- Database initialization and schema upgrades -- Optional Celery integration for async tasks -- Customizable feature flags -- Data source import support -- Role-based access control -- HTTPS support - ---- - -## Architecture - -The Superset deployment includes: -- Superset web application -- PostgreSQL database (dependency) -- Redis instance (dependency) -- Optional Celery workers -- Optional Celery Beat scheduler -- Optional Celery Flower monitoring -- Database initialization jobs -- Ingress configuration for external access -- Environment variable configuration -- Database connection management - ---- - -## Security 
Features - -- Configurable admin user creation -- Database password management -- HTTPS support -- Role-based access control -- Secure environment variable handling -- Resource limits and requests -- Database SSL configuration - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Apache Superset Helm Chart + +This Helm chart deploys Apache Superset on Kubernetes, providing a modern, enterprise-ready business intelligence web application. Superset enables users to create and share interactive dashboards, perform data exploration, and visualize data through a rich set of charts and graphs. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- kubectl configured to communicate with your cluster +- PostgreSQL database (automatically installed as a dependency) +- Redis instance (automatically installed as a dependency) + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Dependencies + +Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: + +```bash +helm dependency build +``` + +This command will: +1. Read the dependencies from `Chart.yaml` +2. Download the required charts (PostgreSQL and Redis) from the specified repositories +3. Store them in the `charts/` directory +4. 
Create or update the `Chart.lock` file with the exact versions + +If you encounter any issues with the dependencies, you can try: +```bash +helm dependency update # Updates dependencies to the latest versions +``` + +This chart requires the following dependencies to be installed: + +### PostgreSQL +- **Condition**: `postgres.enabled` +- **Chart**: `postgres` +- **Version**: `0.0.6` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Provides the primary database for Superset metadata storage + +### Redis +- **Condition**: `redis.enabled` +- **Chart**: `redis` +- **Version**: `0.0.1` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Used for caching and as a message broker for Celery tasks + +To install these dependencies automatically, ensure the following in your `values.yaml`: + +```yaml +postgres: + enabled: true + # Additional PostgreSQL configuration... + +redis: + enabled: true + # Additional Redis configuration... +``` + +The dependencies will be automatically installed when you deploy the Superset chart. You can customize their configuration through the respective sections in your `values.yaml` file. + + +## Install Helm Chart + +To deploy the Superset Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/superset +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-superset zopdev/superset +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the Superset Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-superset +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. 
+ +--- + +## Configuration + +The Superset Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +### Service Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `service.nginx.host` | `string` | Hostname for the Superset service. | `""` | +| `service.nginx.tlshost` | `string` | TLS hostname for HTTPS access. | `""` | +| `service.nginx.tlsSecretname`| `string` | Name of the TLS secret for HTTPS. | `""` | + +### Resource Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `resources.requests.cpu` | `string` | Minimum CPU resources required. | `"250m"` | +| `resources.requests.memory` | `string` | Minimum memory resources required. | `"250Mi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources allowed. | `"500m"` | +| `resources.limits.memory` | `string` | Maximum memory resources allowed. | `"500Mi"` | + +### Superset Node Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `supersetNode.connections.redis_host` | `string` | Redis host address. | `"{{ .Release.Name }}-redis-headless-service"` | +| `supersetNode.connections.redis_port` | `string` | Redis port number. | `"6379"` | +| `supersetNode.connections.db_host` | `string` | PostgreSQL host address. | `"{{ .Release.Name }}-postgres"` | +| `supersetNode.connections.db_port` | `string` | PostgreSQL port number. 
| `"5432"` | +| `supersetNode.connections.db_user` | `string` | PostgreSQL username. | `"superset_user"` | +| `supersetNode.connections.db_pass` | `string` | PostgreSQL password. | `"superset"` | +| `supersetNode.connections.db_name` | `string` | PostgreSQL database name. | `"superset"` | + +### Initialization Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `init.createAdmin` | `boolean` | Whether to create an admin user. | `true` | +| `init.adminUser.username` | `string` | Admin username. | `"admin"` | +| `init.adminUser.firstname` | `string` | Admin first name. | `"Superset"` | +| `init.adminUser.lastname` | `string` | Admin last name. | `"Admin"` | +| `init.adminUser.email` | `string` | Admin email address. | `"admin@superset.com"` | +| `init.adminUser.password` | `string` | Admin password. | `"admin"` | + +### Celery Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `supersetCeleryBeat.enabled` | `boolean` | Whether to enable Celery Beat. | `false` | +| `supersetCeleryFlower.enabled` | `boolean` | Whether to enable Celery Flower. 
| `false` | + +--- + +## Example `values.yaml` + +```yaml +service: + nginx: + host : + tlshost : + tlsSecretname : + +resources: + requests: + cpu: 250m + memory: 250Mi + limits: + cpu: 500m + memory: 500Mi + +# SuperSet Configs +supersetNode: + connections: + # Redis Configs + redis_host: "{{ .Release.Name }}-redis-headless-service" + redis_port: "6379" + redis_user: "" + redis_cache_db: "1" + redis_celery_db: "0" + redis_ssl: + enabled: false + ssl_cert_reqs: CERT_NONE + + # Postgresql Configs + db_host: "{{ .Release.Name }}-postgres" + db_port: "5432" + db_user: superset_user + db_pass: superset + db_name: superset + + # Feature flags configuration + featureFlags: {} + + # Additional Superset configurations + config: {} + +supersetCeleryBeat: + enabled: false + +supersetCeleryFlower: + enabled: false + +init: + createAdmin: true + adminUser: + username: admin + firstname: Superset + lastname: Admin + email: admin@superset.com + password: admin + +postgres: + enabled: true + postgresRootPassword: "superset" + services: + - name : superset + password : superset + database : superset + +redis: + enabled: true +``` + +--- + +## Features + +- Deploys Apache Superset with all dependencies +- Automatic PostgreSQL database setup +- Redis integration for caching and task queue +- Configurable resource limits and requests +- Automatic admin user creation +- Database initialization and schema upgrades +- Optional Celery integration for async tasks +- Customizable feature flags +- Data source import support +- Role-based access control +- HTTPS support + +--- + +## Architecture + +The Superset deployment includes: +- Superset web application +- PostgreSQL database (dependency) +- Redis instance (dependency) +- Optional Celery workers +- Optional Celery Beat scheduler +- Optional Celery Flower monitoring +- Database initialization jobs +- Ingress configuration for external access +- Environment variable configuration +- Database connection management + +--- + +## Security 
Features + +- Configurable admin user creation +- Database password management +- HTTPS support +- Role-based access control +- Secure environment variable handling +- Resource limits and requests +- Database SSL configuration + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/superset/templates/_helpers.tpl b/charts/superset/templates/_helpers.tpl index 70aebefa..f0eaeaf9 100644 --- a/charts/superset/templates/_helpers.tpl +++ b/charts/superset/templates/_helpers.tpl 
@@ -1,135 +1,135 @@
-{{- define "generateBase64Key" -}}
-{{ randAlphaNum 32 | b64enc }}
-{{- end -}}
-
-{{- define "superset.name" -}}
- {{- default .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "superset.fullname" -}}
- {{- printf "%s-superset" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "superset.chart" -}}
- {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "superset-config" }}
-import os
-from flask_caching.backends.rediscache import RedisCache
-
-def env(key, default=None):
- return os.getenv(key, default)
-
-# Redis Base URL
-{{- if .Values.supersetNode.connections.redis_password }}
-REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_USER', '')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}"
-{{- else }}
-REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_HOST')}:{env('REDIS_PORT')}"
-{{- end }}
-
-# Redis URL Params
-{{- if .Values.supersetNode.connections.redis_ssl.enabled }}
-REDIS_URL_PARAMS = f"?ssl_cert_reqs={env('REDIS_SSL_CERT_REQS')}"
-{{- else }}
-REDIS_URL_PARAMS = ""
-{{- end}}
-
-# Build Redis URLs
-CACHE_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_DB', 1)}{REDIS_URL_PARAMS}"
-CELERY_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_CELERY_DB', 0)}{REDIS_URL_PARAMS}"
-
-MAPBOX_API_KEY = env('MAPBOX_API_KEY', '')
-CACHE_CONFIG = {
- 'CACHE_TYPE': 'RedisCache',
- 'CACHE_DEFAULT_TIMEOUT': 300,
- 'CACHE_KEY_PREFIX': 'superset_',
- 'CACHE_REDIS_URL': CACHE_REDIS_URL,
-}
-DATA_CACHE_CONFIG = CACHE_CONFIG
-
-SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS')}@{env('DB_HOST')}:{env('DB_PORT')}/{env('DB_NAME')}"
-SQLALCHEMY_TRACK_MODIFICATIONS = True
-
-class CeleryConfig:
- imports = ("superset.sql_lab", )
- broker_url = CELERY_REDIS_URL
- result_backend = CELERY_REDIS_URL
-
-CELERY_CONFIG = CeleryConfig
-RESULTS_BACKEND = RedisCache(
- host=env('REDIS_HOST'),
- {{- if .Values.supersetNode.connections.redis_password }}
- password=env('REDIS_PASSWORD'),
- {{- end }}
- port=env('REDIS_PORT'),
- key_prefix='superset_results',
- {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
- ssl=True,
- ssl_cert_reqs=env('REDIS_SSL_CERT_REQS'),
- {{- end }}
-)
-
-# Feature Flags
-FEATURE_FLAGS = {
- {{- if .Values.supersetNode.featureFlags }}
- {{- range $key, $value := .Values.supersetNode.featureFlags }}
- "{{ $key }}": {{ $value }},
- {{- end }}
- {{- end }}
-}
-
-# Additional Configurations
-{{- if .Values.supersetNode.config }}
-{{- range $key, $value := .Values.supersetNode.config }}
-{{- if eq (typeOf $value) "string" }}
-{{- if hasPrefix "{" $value }}
-{{ $key }} = {{ $value }}
-{{- else if eq $value "True" }}
-{{ $key }} = True
-{{- else if eq $value "False" }}
-{{ $key }} = False
-{{- else }}
-{{ $key }} = '{{ $value }}'
-{{- end }}
-{{- else }}
-{{ $key }} = {{ $value }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{ if .Values.configOverrides }}
-# Overrides
-{{- range $key, $value := .Values.configOverrides }}
-{{ $key }} = '{{ tpl $value $ }}'
-{{- end }}
-{{- else }}
-# Default Overrides
-{{ tpl (printf "SECRET_KEY = '%s'" (include "generateBase64Key" .)) . }}
-{{- end }}
-{{- end -}}
-
-{{- define "supersetCeleryBeat.selectorLabels" -}}
-app: {{ include "superset.name" . }}-celerybeat
-release: {{ .Release.Name }}
-{{- end -}}
-
-{{- define "supersetCeleryFlower.selectorLabels" -}}
-app: {{ include "superset.name" . }}-flower
-release: {{ .Release.Name }}
-{{- end -}}
-
-{{- define "supersetNode.selectorLabels" -}}
-app: {{ include "superset.name" . }}
-release: {{ .Release.Name }}
-{{- end -}}
-
-{{- define "supersetWebsockets.selectorLabels" -}}
-app: {{ include "superset.name" . }}-ws
-release: {{ .Release.Name }}
-{{- end -}}
-
-{{- define "supersetWorker.selectorLabels" -}}
-app: {{ include "superset.name" . }}-worker
-release: {{ .Release.Name }}
+{{- define "generateBase64Key" -}}
+{{ randAlphaNum 32 | b64enc }}
+{{- end -}}
+
+{{- define "superset.name" -}}
+ {{- default .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "superset.fullname" -}}
+ {{- printf "%s-superset" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "superset.chart" -}}
+ {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "superset-config" }}
+import os
+from flask_caching.backends.rediscache import RedisCache
+
+def env(key, default=None):
+ return os.getenv(key, default)
+
+# Redis Base URL
+{{- if .Values.supersetNode.connections.redis_password }}
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_USER', '')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+{{- else }}
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+{{- end }}
+
+# Redis URL Params
+{{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+REDIS_URL_PARAMS = f"?ssl_cert_reqs={env('REDIS_SSL_CERT_REQS')}"
+{{- else }}
+REDIS_URL_PARAMS = ""
+{{- end}}
+
+# Build Redis URLs
+CACHE_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_DB', 1)}{REDIS_URL_PARAMS}"
+CELERY_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_CELERY_DB', 0)}{REDIS_URL_PARAMS}"
+
+MAPBOX_API_KEY = env('MAPBOX_API_KEY', '')
+CACHE_CONFIG = {
+ 'CACHE_TYPE': 'RedisCache',
+ 'CACHE_DEFAULT_TIMEOUT': 300,
+ 'CACHE_KEY_PREFIX': 'superset_',
+ 'CACHE_REDIS_URL': CACHE_REDIS_URL,
+}
+DATA_CACHE_CONFIG = CACHE_CONFIG
+
+SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS')}@{env('DB_HOST')}:{env('DB_PORT')}/{env('DB_NAME')}"
+SQLALCHEMY_TRACK_MODIFICATIONS = True
+
+class CeleryConfig:
+ imports = ("superset.sql_lab", )
+ broker_url = CELERY_REDIS_URL
+ result_backend = CELERY_REDIS_URL
+
+CELERY_CONFIG = CeleryConfig
+RESULTS_BACKEND = RedisCache(
+ host=env('REDIS_HOST'),
+ {{- if .Values.supersetNode.connections.redis_password }}
+ password=env('REDIS_PASSWORD'),
+ {{- end }}
+ port=env('REDIS_PORT'),
+ key_prefix='superset_results',
+ {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+ ssl=True,
+ ssl_cert_reqs=env('REDIS_SSL_CERT_REQS'),
+ {{- end }}
+)
+
+# Feature Flags
+FEATURE_FLAGS = {
+ {{- if .Values.supersetNode.featureFlags }}
+ {{- range $key, $value := .Values.supersetNode.featureFlags }}
+ "{{ $key }}": {{ $value }},
+ {{- end }}
+ {{- end }}
+}
+
+# Additional Configurations
+{{- if .Values.supersetNode.config }}
+{{- range $key, $value := .Values.supersetNode.config }}
+{{- if eq (typeOf $value) "string" }}
+{{- if hasPrefix "{" $value }}
+{{ $key }} = {{ $value }}
+{{- else if eq $value "True" }}
+{{ $key }} = True
+{{- else if eq $value "False" }}
+{{ $key }} = False
+{{- else }}
+{{ $key }} = '{{ $value }}'
+{{- end }}
+{{- else }}
+{{ $key }} = {{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{ if .Values.configOverrides }}
+# Overrides
+{{- range $key, $value := .Values.configOverrides }}
+{{ $key }} = '{{ tpl $value $ }}'
+{{- end }}
+{{- else }}
+# Default Overrides
+{{ tpl (printf "SECRET_KEY = '%s'" (include "generateBase64Key" .)) . }}
+{{- end }}
+{{- end -}}
+
+{{- define "supersetCeleryBeat.selectorLabels" -}}
+app: {{ include "superset.name" . }}-celerybeat
+release: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "supersetCeleryFlower.selectorLabels" -}}
+app: {{ include "superset.name" . }}-flower
+release: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "supersetNode.selectorLabels" -}}
+app: {{ include "superset.name" . }}
+release: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "supersetWebsockets.selectorLabels" -}}
+app: {{ include "superset.name" . }}-ws
+release: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "supersetWorker.selectorLabels" -}}
+app: {{ include "superset.name" . }}-worker
+release: {{ .Release.Name }}
 {{- end -}}
\ No newline at end of file
diff --git a/charts/superset/templates/beat/deployment.yaml b/charts/superset/templates/beat/deployment.yaml
index a7cea6dc..a318698f 100644
--- a/charts/superset/templates/beat/deployment.yaml
+++ b/charts/superset/templates/beat/deployment.yaml
@@ -1,88 +1,88 @@
-{{- if .Values.supersetCeleryBeat.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "superset.fullname" . }}-celerybeat
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.name" . }}-celerybeat
- chart: {{ template "superset.chart" . }}
- release: {{ .Release.Name }}
-
-spec:
- replicas: 1
- selector:
- matchLabels:
- {{- include "supersetCeleryBeat.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
- checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
- checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
- labels:
- app: "{{ template "superset.name" . }}-celerybeat"
- release: {{ .Release.Name }}
- spec:
- securityContext:
- runAsUser: 0
- initContainers:
- - name: wait-for-postgres-redis
- image: apache/superset:dockerize
- imagePullPolicy: IfNotPresent
- env:
- - name: "DB_PASS"
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name }}-postgres-root-secret
- key: postgres-password
- - name: "DB_USER"
- value: postgres
- envFrom:
- - secretRef:
- name: '{{ template "superset.fullname" . }}-env'
- command:
- - /bin/sh
- - -c
- - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
- containers:
- - name: "{{ .Chart.Name }}-celerybeat"
- image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1"
- imagePullPolicy: IfNotPresent
- command:
- - "/bin/sh"
- - "-c"
- - ". /app/pythonpath/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app beat --pidfile /tmp/celerybeat.pid --schedule /tmp/celerybeat-schedule"
- env:
- - name: "SUPERSET_PORT"
- value: "8088"
- {{- range $key, $value := .Values.extraEnv }}
- - name: {{ $key | quote}}
- value: {{ $value | quote }}
- {{- end }}
- - name: "DB_PASS"
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name }}-postgres-root-secret
- key: postgres-password
- - name: "DB_USER"
- value: postgres
- envFrom:
- - secretRef:
- name: {{ template "superset.fullname" . }}-env
- volumeMounts:
- - name: superset-config
- mountPath: "/app/pythonpath"
- readOnly: true
- resources:
- requests:
- cpu: 250m
- memory: 250Mi
- limits:
- cpu: 500m
- memory: 500Mi
- volumes:
- - name: superset-config
- secret:
- secretName: {{ template "superset.fullname" . }}-config
-{{- end -}}
+{{- if .Values.supersetCeleryBeat.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}-celerybeat
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}-celerybeat
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "supersetCeleryBeat.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
+ checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
+ checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
+ labels:
+ app: "{{ template "superset.name" . }}-celerybeat"
+ release: {{ .Release.Name }}
+ spec:
+ securityContext:
+ runAsUser: 0
+ initContainers:
+ - name: wait-for-postgres-redis
+ image: apache/superset:dockerize
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-postgres-root-secret
+ key: postgres-password
+ - name: "DB_USER"
+ value: postgres
+ envFrom:
+ - secretRef:
+ name: '{{ template "superset.fullname" . }}-env'
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+ containers:
+ - name: "{{ .Chart.Name }}-celerybeat"
+ image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1"
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". /app/pythonpath/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app beat --pidfile /tmp/celerybeat.pid --schedule /tmp/celerybeat-schedule"
+ env:
+ - name: "SUPERSET_PORT"
+ value: "8088"
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ - name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-postgres-root-secret
+ key: postgres-password
+ - name: "DB_USER"
+ value: postgres
+ envFrom:
+ - secretRef:
+ name: {{ template "superset.fullname" . }}-env
+ volumeMounts:
+ - name: superset-config
+ mountPath: "/app/pythonpath"
+ readOnly: true
+ resources:
+ requests:
+ cpu: 250m
+ memory: 250Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ template "superset.fullname" . }}-config
+{{- end -}}
diff --git a/charts/superset/templates/env-secrets.yaml b/charts/superset/templates/env-secrets.yaml
index 66fdfe5e..ade89131 100644
--- a/charts/superset/templates/env-secrets.yaml
+++ b/charts/superset/templates/env-secrets.yaml
@@ -1,26 +1,26 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "superset.fullname" . }}-env
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.fullname" . }}
- chart: {{ template "superset.chart" . }}
- release: "{{ .Release.Name }}"
-type: Opaque
-stringData:
- REDIS_HOST: {{ tpl .Values.supersetNode.connections.redis_host . | quote }}
- REDIS_USER: {{ .Values.supersetNode.connections.redis_user | quote }}
- {{- if .Values.supersetNode.connections.redis_password }}
- REDIS_PASSWORD: {{ .Values.supersetNode.connections.redis_password | quote }}
- {{- end }}
- REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }}
- REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }}
- REDIS_DB: {{ .Values.supersetNode.connections.redis_cache_db | quote }}
- REDIS_CELERY_DB: {{ .Values.supersetNode.connections.redis_celery_db | quote }}
- {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
- REDIS_SSL_CERT_REQS: {{ .Values.supersetNode.connections.redis_ssl.ssl_cert_reqs | default "CERT_NONE" | quote }}
- {{- end }}
- DB_HOST: {{ tpl .Values.supersetNode.connections.db_host . | quote }}
- DB_PORT: {{ .Values.supersetNode.connections.db_port | quote }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "superset.fullname" . }}-env
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.fullname" . }}
+ chart: {{ template "superset.chart" . }}
+ release: "{{ .Release.Name }}"
+type: Opaque
+stringData:
+ REDIS_HOST: {{ tpl .Values.supersetNode.connections.redis_host . | quote }}
+ REDIS_USER: {{ .Values.supersetNode.connections.redis_user | quote }}
+ {{- if .Values.supersetNode.connections.redis_password }}
+ REDIS_PASSWORD: {{ .Values.supersetNode.connections.redis_password | quote }}
+ {{- end }}
+ REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }}
+ REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }}
+ REDIS_DB: {{ .Values.supersetNode.connections.redis_cache_db | quote }}
+ REDIS_CELERY_DB: {{ .Values.supersetNode.connections.redis_celery_db | quote }}
+ {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+ REDIS_SSL_CERT_REQS: {{ .Values.supersetNode.connections.redis_ssl.ssl_cert_reqs | default "CERT_NONE" | quote }}
+ {{- end }}
+ DB_HOST: {{ tpl .Values.supersetNode.connections.db_host . | quote }}
+ DB_PORT: {{ .Values.supersetNode.connections.db_port | quote }}
 DB_NAME: {{ .Values.supersetNode.connections.db_name | quote }}
\ No newline at end of file
diff --git a/charts/superset/templates/flower/deployment.yaml b/charts/superset/templates/flower/deployment.yaml
index eb643182..8c47b4e2 100644
--- a/charts/superset/templates/flower/deployment.yaml
+++ b/charts/superset/templates/flower/deployment.yaml
@@ -1,111 +1,111 @@
-{{- if .Values.supersetCeleryFlower.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "superset.fullname" . }}-flower
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.name" . }}-flower
- chart: {{ template "superset.chart" . }}
- release: {{ .Release.Name }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- {{- include "supersetCeleryFlower.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- checksum/config: {{ include "superset-config" . | sha256sum }}
- labels:
- app: "{{ template "superset.name" . }}-flower"
- release: {{ .Release.Name }}
- spec:
- securityContext:
- runAsUser: 0
- initContainers:
- - name: wait-for-postgres-redis
- image: apache/superset:dockerize
- imagePullPolicy: IfNotPresent
- env:
- - name: "DB_PASS"
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name }}-postgres-root-secret
- key: postgres-password
- - name: "DB_USER"
- value: postgres
- envFrom:
- - secretRef:
- name: '{{ template "superset.fullname" . }}-env'
- command:
- - /bin/sh
- - -c
- - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
- containers:
- - name: "{{ .Chart.Name }}-flower"
- image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1"
- imagePullPolicy: IfNotPresent
- command:
- - "/bin/sh"
- - "-c"
- - pip install psycopg2-binary==2.9.6
- - "celery --app=superset.tasks.celery_app:app flower"
- env:
- - name: "DB_PASS"
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name }}-postgres-root-secret
- key: postgres-password
- - name: "DB_USER"
- value: postgres
- envFrom:
- - secretRef:
- name: {{ template "superset.fullname" . }}-env
- ports:
- - name: flower
- containerPort: 5555
- protocol: TCP
- volumeMounts:
- - name: superset-config
- mountPath: "/app/pythonpath"
- readOnly: true
- startupProbe:
- httpGet:
- path: /api/workers
- port: flower
- initialDelaySeconds: 5
- timeoutSeconds: 1
- failureThreshold: 60
- periodSeconds: 5
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /api/workers
- port: flower
- initialDelaySeconds: 5
- timeoutSeconds: 1
- failureThreshold: 3
- periodSeconds: 5
- successThreshold: 1
- livenessProbe:
- httpGet:
- path: /api/workers
- port: flower
- initialDelaySeconds: 5
- timeoutSeconds: 1
- failureThreshold: 3
- periodSeconds: 5
- successThreshold: 1
- resources:
- requests:
- cpu: 250m
- memory: 250Mi
- limits:
- cpu: 500m
- memory: 500Mi
- volumes:
- - name: superset-config
- secret:
- secretName: {{ template "superset.fullname" . }}-config
-{{- end -}}
+{{- if .Values.supersetCeleryFlower.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}-flower
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}-flower
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "supersetCeleryFlower.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include "superset-config" . | sha256sum }}
+ labels:
+ app: "{{ template "superset.name" . }}-flower"
+ release: {{ .Release.Name }}
+ spec:
+ securityContext:
+ runAsUser: 0
+ initContainers:
+ - name: wait-for-postgres-redis
+ image: apache/superset:dockerize
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-postgres-root-secret
+ key: postgres-password
+ - name: "DB_USER"
+ value: postgres
+ envFrom:
+ - secretRef:
+ name: '{{ template "superset.fullname" . }}-env'
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+ containers:
+ - name: "{{ .Chart.Name }}-flower"
+ image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1"
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/bin/sh"
+ - "-c"
+ - pip install psycopg2-binary==2.9.6
+ - "celery --app=superset.tasks.celery_app:app flower"
+ env:
+ - name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-postgres-root-secret
+ key: postgres-password
+ - name: "DB_USER"
+ value: postgres
+ envFrom:
+ - secretRef:
+ name: {{ template "superset.fullname" . }}-env
+ ports:
+ - name: flower
+ containerPort: 5555
+ protocol: TCP
+ volumeMounts:
+ - name: superset-config
+ mountPath: "/app/pythonpath"
+ readOnly: true
+ startupProbe:
+ httpGet:
+ path: /api/workers
+ port: flower
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 60
+ periodSeconds: 5
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /api/workers
+ port: flower
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 5
+ successThreshold: 1
+ livenessProbe:
+ httpGet:
+ path: /api/workers
+ port: flower
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 5
+ successThreshold: 1
+ resources:
+ requests:
+ cpu: 250m
+ memory: 250Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ template "superset.fullname" . }}-config
+{{- end -}}
diff --git a/charts/superset/templates/flower/service.yaml b/charts/superset/templates/flower/service.yaml
index b95c24cc..bd0aad28 100644
--- a/charts/superset/templates/flower/service.yaml
+++ b/charts/superset/templates/flower/service.yaml
@@ -1,21 +1,21 @@
-{{- if .Values.supersetCeleryFlower.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ template "superset.fullname" . }}-flower"
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.name" . }}
- chart: {{ template "superset.chart" . }}
- release: {{ .Release.Name }}
-spec:
- type: ClusterIP
- ports:
- - port: 5555
- targetPort: flower
- protocol: TCP
- name: flower
- selector:
- app: {{ template "superset.name" . }}-flower
- release: {{ .Release.Name }}
-{{- end }}
+{{- if .Values.supersetCeleryFlower.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ template "superset.fullname" . }}-flower"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5555
+ targetPort: flower
+ protocol: TCP
+ name: flower
+ selector:
+ app: {{ template "superset.name" . }}-flower
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/superset/templates/init-job.yaml b/charts/superset/templates/init-job.yaml
index 01cfecb2..51889d68 100644
--- a/charts/superset/templates/init-job.yaml
+++ b/charts/superset/templates/init-job.yaml
@@ -1,73 +1,73 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "superset.fullname" . }}-init-db
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.name" . }}
- chart: {{ template "superset.chart" . }}
- release: {{ .Release.Name }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": "before-hook-creation"
-spec:
- template:
- metadata:
- name: {{ template "superset.fullname" . }}-init-db
- spec:
- securityContext:
- runAsUser: 0
- initContainers:
- - name: wait-for-postgres
- image: apache/superset:dockerize
- imagePullPolicy: IfNotPresent
- env:
- - name: "DB_PASS"
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name }}-postgres-root-secret
- key: postgres-password
- - name: "DB_USER"
- value: postgres
- envFrom:
- - secretRef:
- name: '{{ template "superset.fullname" . }}-env'
- command:
- - /bin/sh
- - -c
- - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s
- containers:
- - name: {{ template "superset.name" . }}-init-db
- image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1"
- env:
- - name: "DB_PASS"
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name }}-postgres-root-secret
- key: postgres-password
- - name: "DB_USER"
- value: postgres
- envFrom:
- - secretRef:
- name: {{ template "superset.fullname" . }}-env
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - name: superset-config
- mountPath: "/app/pythonpath"
- readOnly: true
- command:
- - "/bin/sh"
- - "-c"
- - ". /app/pythonpath/superset_bootstrap.sh; . /app/pythonpath/superset_init.sh"
- resources:
- requests:
- cpu: 250m
- memory: 250Mi
- limits:
- cpu: 500m
- memory: 500Mi
- volumes:
- - name: superset-config
- secret:
- secretName: {{ template "superset.fullname" . }}-config
- restartPolicy: Never
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "superset.fullname" . }}-init-db
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+spec:
+ template:
+ metadata:
+ name: {{ template "superset.fullname" . }}-init-db
+ spec:
+ securityContext:
+ runAsUser: 0
+ initContainers:
+ - name: wait-for-postgres
+ image: apache/superset:dockerize
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-postgres-root-secret
+ key: postgres-password
+ - name: "DB_USER"
+ value: postgres
+ envFrom:
+ - secretRef:
+ name: '{{ template "superset.fullname" . }}-env'
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s
+ containers:
+ - name: {{ template "superset.name" . }}-init-db
+ image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1"
+ env:
+ - name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-postgres-root-secret
+ key: postgres-password
+ - name: "DB_USER"
+ value: postgres
+ envFrom:
+ - secretRef:
+ name: {{ template "superset.fullname" . }}-env
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: superset-config
+ mountPath: "/app/pythonpath"
+ readOnly: true
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". /app/pythonpath/superset_bootstrap.sh; . /app/pythonpath/superset_init.sh"
+ resources:
+ requests:
+ cpu: 250m
+ memory: 250Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ template "superset.fullname" . }}-config
+ restartPolicy: Never
diff --git a/charts/superset/templates/node/deployment.yaml b/charts/superset/templates/node/deployment.yaml
index 11036519..efe31f87 100644
--- a/charts/superset/templates/node/deployment.yaml
+++ b/charts/superset/templates/node/deployment.yaml
@@ -1,110 +1,110 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "superset.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "superset.name" . }} - chart: {{ template "superset.chart" . }} - release: {{ .Release.Name }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "supersetNode.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/superset_config.py: {{ include "superset-config" . | sha256sum }} - checksum/superset_init.sh: {{ tpl .Values.init.initscript . | sha256sum }} - checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }} - checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }} - labels: - app: {{ template "superset.name" . }} - release: {{ .Release.Name }} - spec: - securityContext: - runAsUser: 0 - initContainers: - - name: wait-for-postgres - image: apache/superset:dockerize - imagePullPolicy: IfNotPresent - envFrom: - - secretRef: - name: '{{ template "superset.fullname" . }}-env' - command: - - /bin/sh - - -c - - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s - containers: - - name: {{ .Chart.Name }} - image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1" - imagePullPolicy: IfNotPresent - command: - - "/bin/sh" - - "-c" - - ". /app/pythonpath/superset_bootstrap.sh; /usr/bin/run-server.sh" - env: - - name: "SUPERSET_PORT" - value: "8088" - {{- range $key, $value := .Values.extraEnv }} - - name: {{ $key | quote}} - value: {{ $value | quote }} - {{- end }} - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-postgres-root-secret - key: postgres-password - - name: "DB_USER" - value: postgres - envFrom: - - secretRef: - name: {{ template "superset.fullname" . 
}}-env - volumeMounts: - - name: superset-config - mountPath: "/app/pythonpath" - readOnly: true - ports: - - name: http - containerPort: 8088 - protocol: TCP - startupProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 15 - timeoutSeconds: 1 - failureThreshold: 60 - periodSeconds: 5 - successThreshold: 1 - readinessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 15 - timeoutSeconds: 1 - failureThreshold: 3 - periodSeconds: 15 - successThreshold: 1 - - livenessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 15 - timeoutSeconds: 1 - failureThreshold: 3 - periodSeconds: 15 - successThreshold: 1 - resources: - requests: - cpu: 250m - memory: 250Mi - limits: - cpu: 500m - memory: 500Mi - volumes: - - name: superset-config - secret: - secretName: {{ template "superset.fullname" . }}-config +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "superset.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "superset.name" . }} + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "supersetNode.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/superset_config.py: {{ include "superset-config" . | sha256sum }} + checksum/superset_init.sh: {{ tpl .Values.init.initscript . | sha256sum }} + checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }} + checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }} + labels: + app: {{ template "superset.name" . }} + release: {{ .Release.Name }} + spec: + securityContext: + runAsUser: 0 + initContainers: + - name: wait-for-postgres + image: apache/superset:dockerize + imagePullPolicy: IfNotPresent + envFrom: + - secretRef: + name: '{{ template "superset.fullname" . 
}}-env' + command: + - /bin/sh + - -c + - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s + containers: + - name: {{ .Chart.Name }} + image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1" + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-c" + - ". /app/pythonpath/superset_bootstrap.sh; /usr/bin/run-server.sh" + env: + - name: "SUPERSET_PORT" + value: "8088" + {{- range $key, $value := .Values.extraEnv }} + - name: {{ $key | quote}} + value: {{ $value | quote }} + {{- end }} + - name: "DB_PASS" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgres-root-secret + key: postgres-password + - name: "DB_USER" + value: postgres + envFrom: + - secretRef: + name: {{ template "superset.fullname" . }}-env + volumeMounts: + - name: superset-config + mountPath: "/app/pythonpath" + readOnly: true + ports: + - name: http + containerPort: 8088 + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 15 + timeoutSeconds: 1 + failureThreshold: 60 + periodSeconds: 5 + successThreshold: 1 + readinessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 15 + timeoutSeconds: 1 + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + + livenessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 15 + timeoutSeconds: 1 + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + resources: + requests: + cpu: 250m + memory: 250Mi + limits: + cpu: 500m + memory: 500Mi + volumes: + - name: superset-config + secret: + secretName: {{ template "superset.fullname" . }}-config diff --git a/charts/superset/templates/node/hpa.yaml b/charts/superset/templates/node/hpa.yaml index 2ac7c266..22f68795 100644 --- a/charts/superset/templates/node/hpa.yaml +++ b/charts/superset/templates/node/hpa.yaml 
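Review bot: The Superset container's `env` sets `DB_USER` to `postgres` and takes `DB_PASS` from `{{ .Release.Name }}-postgres-root-secret`, so the long-running web process connects to PostgreSQL as the superuser. Explicit `env` entries take precedence over `envFrom`, so whatever the `-env` secret carries for these keys (not visible here) is overridden. values.yaml already names a dedicated `superset_user`; dropping the two `env` entries, or pointing the `secretKeyRef` at a secret holding that user's password, would limit what a compromise of the web tier can do to the database server. The worker Deployment and the init-db Job carry the same two entries.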
@@ -1,28 +1,28 @@
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "superset.fullname" . }}-hpa
- labels:
- app: {{ template "superset.name" . }}
- chart: {{ template "superset.chart" . }}
- release: {{ .Release.Name }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "superset.fullname" . }}
- minReplicas: 1
- maxReplicas: 15
- metrics:
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: 80
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: 80
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "superset.fullname" . }}-hpa
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "superset.fullname" . }}
+ minReplicas: 1
+ maxReplicas: 15
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: 80
diff --git a/charts/superset/templates/node/ingress.yaml b/charts/superset/templates/node/ingress.yaml
index 730c4147..93857915 100644
--- a/charts/superset/templates/node/ingress.yaml
+++ b/charts/superset/templates/node/ingress.yaml
@@ -1,30 +1,30 @@
-{{- if and .Values.service.nginx .Values.service.nginx.host }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ .Release.Name }}-superset
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.name" . }}
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/auth-realm: ""
- nginx.ingress.kubernetes.io/auth-secret: ""
- nginx.ingress.kubernetes.io/auth-type: ""
-spec:
- rules:
- - host: {{ .Values.service.nginx.host }}
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: {{ template "superset.fullname" . }}
- port:
- number: 8088
- tls:
- - hosts:
- - '{{ .Values.service.nginx.tlshost | default .Values.service.nginx.host }}'
- secretName: {{ .Values.service.nginx.tlsSecretname | default "tls-secret-replica" }}
+{{- if and .Values.service.nginx .Values.service.nginx.host }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-superset
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-realm: ""
+ nginx.ingress.kubernetes.io/auth-secret: ""
+ nginx.ingress.kubernetes.io/auth-type: ""
+spec:
+ rules:
+ - host: {{ .Values.service.nginx.host }}
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ template "superset.fullname" . }}
+ port:
+ number: 8088
+ tls:
+ - hosts:
+ - '{{ .Values.service.nginx.tlshost | default .Values.service.nginx.host }}'
+ secretName: {{ .Values.service.nginx.tlsSecretname | default "tls-secret-replica" }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/superset/templates/node/service.yaml b/charts/superset/templates/node/service.yaml
index c2ce2013..d6650098 100644
--- a/charts/superset/templates/node/service.yaml
+++ b/charts/superset/templates/node/service.yaml
@@ -1,19 +1,19 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "superset.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.name" . }}
- chart: {{ template "superset.chart" . }}
- release: {{ .Release.Name }}
-spec:
- type: ClusterIP
- ports:
- - port: 8088
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app: {{ template "superset.name" . }}
- release: {{ .Release.Name }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "superset.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8088
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: {{ template "superset.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/superset/templates/superset-configs.yaml b/charts/superset/templates/superset-configs.yaml
index 3443624d..add4c1a3 100644
--- a/charts/superset/templates/superset-configs.yaml
+++ b/charts/superset/templates/superset-configs.yaml
@@ -1,21 +1,21 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "superset.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "superset.fullname" . }}
- chart: {{ template "superset.chart" . }}
- release: "{{ .Release.Name }}"
-type: Opaque
-stringData:
- superset_config.py: |
- {{- include "superset-config" . | nindent 4 }}
- superset_init.sh: |
- {{- tpl .Values.init.initscript . | nindent 4 }}
- superset_bootstrap.sh: |
- #!/bin/bash
- pip install psycopg2-binary==2.9.6 \
- sqlalchemy-bigquery==1.6.1 \
- elasticsearch-dbapi==0.2.5 &&\
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "superset.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.fullname" . }}
+ chart: {{ template "superset.chart" . }}
+ release: "{{ .Release.Name }}"
+type: Opaque
+stringData:
+ superset_config.py: |
+ {{- include "superset-config" . | nindent 4 }}
+ superset_init.sh: |
+ {{- tpl .Values.init.initscript . | nindent 4 }}
+ superset_bootstrap.sh: |
+ #!/bin/bash
+ pip install psycopg2-binary==2.9.6 \
+ sqlalchemy-bigquery==1.6.1 \
+ elasticsearch-dbapi==0.2.5 &&\
 if [ ! -f ~/bootstrap ]; then echo "Running Superset with uid 0" > ~/bootstrap; fi
\ No newline at end of file
diff --git a/charts/superset/templates/worker/deployment.yaml b/charts/superset/templates/worker/deployment.yaml
index ab8f63d1..97571913 100644
--- a/charts/superset/templates/worker/deployment.yaml
+++ b/charts/superset/templates/worker/deployment.yaml
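Review bot: `superset_bootstrap.sh` in superset-configs.yaml runs `pip install` against the package index, and the Job and both Deployments source this script in their container command, so every container start fetches and installs code over the network as uid 0. The three top-level packages are pinned by version, but nothing pins their transitive dependencies or verifies hashes, and pod start-up now depends on the index being reachable. Building an image with these drivers already installed removes the runtime fetch. If the install has to stay, a hash-locked requirements file used with `pip install --require-hashes -r <requirements-file>` would constrain what gets executed.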
@@ -1,89 +1,89 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "superset.fullname" . }}-worker - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "superset.name" . }}-worker - chart: {{ template "superset.chart" . }} - release: {{ .Release.Name }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "supersetWorker.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/superset_config.py: {{ include "superset-config" . | sha256sum }} - checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }} - checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }} - labels: - app: {{ template "superset.name" . }}-worker - release: {{ .Release.Name }} - spec: - securityContext: - runAsUser: 0 - initContainers: - - name: wait-for-postgres-redis - image: apache/superset:dockerize - imagePullPolicy: IfNotPresent - envFrom: - - secretRef: - name: '{{ template "superset.fullname" . }}-env' - command: - - /bin/sh - - -c - - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s - containers: - - name: {{ .Chart.Name }} - image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1" - imagePullPolicy: IfNotPresent - command: - - "/bin/sh" - - "-c" - - ". /app/pythonpath/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app worker" - env: - - name: "SUPERSET_PORT" - value: "8088" - {{- range $key, $value := .Values.extraEnv }} - - name: {{ $key | quote}} - value: {{ $value | quote }} - {{- end }} - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-postgres-root-secret - key: postgres-password - - name: "DB_USER" - value: postgres - envFrom: - - secretRef: - name: {{ template "superset.fullname" . 
}}-env - - volumeMounts: - - name: superset-config - mountPath: "/app/pythonpath" - readOnly: true - livenessProbe: - exec: - command: - - sh - - -c - - celery -A superset.tasks.celery_app:app inspect ping -d celery@$HOSTNAME - initialDelaySeconds: 120 - timeoutSeconds: 60 - failureThreshold: 3 - periodSeconds: 60 - successThreshold: 1 - resources: - requests: - cpu: 250m - memory: 250Mi - limits: - cpu: 500m - memory: 1000Mi - volumes: - - name: superset-config - secret: +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "superset.fullname" . }}-worker + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "superset.name" . }}-worker + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "supersetWorker.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/superset_config.py: {{ include "superset-config" . | sha256sum }} + checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }} + checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }} + labels: + app: {{ template "superset.name" . }}-worker + release: {{ .Release.Name }} + spec: + securityContext: + runAsUser: 0 + initContainers: + - name: wait-for-postgres-redis + image: apache/superset:dockerize + imagePullPolicy: IfNotPresent + envFrom: + - secretRef: + name: '{{ template "superset.fullname" . }}-env' + command: + - /bin/sh + - -c + - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s + containers: + - name: {{ .Chart.Name }} + image: "apachesuperset.docker.scarf.sh/apache/superset:4.1.1" + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-c" + - ". 
/app/pythonpath/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app worker" + env: + - name: "SUPERSET_PORT" + value: "8088" + {{- range $key, $value := .Values.extraEnv }} + - name: {{ $key | quote}} + value: {{ $value | quote }} + {{- end }} + - name: "DB_PASS" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgres-root-secret + key: postgres-password + - name: "DB_USER" + value: postgres + envFrom: + - secretRef: + name: {{ template "superset.fullname" . }}-env + + volumeMounts: + - name: superset-config + mountPath: "/app/pythonpath" + readOnly: true + livenessProbe: + exec: + command: + - sh + - -c + - celery -A superset.tasks.celery_app:app inspect ping -d celery@$HOSTNAME + initialDelaySeconds: 120 + timeoutSeconds: 60 + failureThreshold: 3 + periodSeconds: 60 + successThreshold: 1 + resources: + requests: + cpu: 250m + memory: 250Mi + limits: + cpu: 500m + memory: 1000Mi + volumes: + - name: superset-config + secret: secretName: {{ template "superset.fullname" . }}-config \ No newline at end of file diff --git a/charts/superset/values.schema.json b/charts/superset/values.schema.json index f641335d..9eb9dd1f 100644 --- a/charts/superset/values.schema.json +++ b/charts/superset/values.schema.json 
@@ -1,93 +1,93 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { "type": "string", "enum": ["250m"] }, - "memory": { "type": "string", "enum": ["250Mi"] } - } - }, - "limits": { - "type": "object", - "properties": { - "cpu": { "type": "string", "enum": ["500m"] }, - "memory": { "type": "string", "enum": ["500Mi"] } - } - } - } - }, - "supersetNode": { - "type": "object", - "properties": { - "connections": { - "type": "object", - "properties": { - "redis_host": { "type": "string", "enum": ["{{ .Release.Name }}-redis-headless-service"] }, - "redis_port": { "type": "string", "enum": ["6379"] }, - "redis_user": { "type": "string", "enum": [""] }, - "redis_cache_db": { "type": "string", "enum": ["1"] }, - "redis_celery_db": { "type": "string", "enum": ["0"] }, - "redis_ssl": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [false] }, - "ssl_cert_reqs": { "type": "string", "enum": ["CERT_NONE"] } - } - }, - "db_host": { "type": "string", "enum": ["{{ .Release.Name }}-postgres"] }, - "db_port": { "type": "string", "enum": ["5432"] }, - "db_user": { "type": "string", "enum": ["superset_user"] }, - "db_pass": { "type": "string", "enum": ["superset"] }, - "db_name": { "type": "string", "enum": ["superset"] } - } - } - } - }, - "init": { - "type": "object", - "properties": { - "createAdmin": { "type": "boolean", "enum": [true] }, - "adminUser": { - "type": "object", - "properties": { - "username": { "type": "string", "enum": ["admin"] }, - "firstname": { "type": "string", "enum": ["Superset"] }, - "lastname": { "type": "string", "enum": ["Admin"] }, - "email": { "type": "string", "enum": ["admin@superset.com"] }, - "password": { "type": "string", "enum": ["admin"] } - } - }, - "initscript": { "type": "string" } - } - }, - "postgres": { - "type": "object", - "properties": { - 
"enabled": { "type": "boolean", "enum": [true] }, - "postgresRootPassword": { "type": "string", "enum": ["superset"] }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { "type": "string", "enum": ["superset"] }, - "password": { "type": "string", "enum": ["superset"] }, - "database": { "type": "string", "enum": ["superset"] } - } - } - } - } - }, - "redis": { - "type": "object", - "properties": { - "enabled": { "type": "boolean", "enum": [true] } - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { "type": "string", "enum": ["250m"] }, + "memory": { "type": "string", "enum": ["250Mi"] } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { "type": "string", "enum": ["500m"] }, + "memory": { "type": "string", "enum": ["500Mi"] } + } + } + } + }, + "supersetNode": { + "type": "object", + "properties": { + "connections": { + "type": "object", + "properties": { + "redis_host": { "type": "string", "enum": ["{{ .Release.Name }}-redis-headless-service"] }, + "redis_port": { "type": "string", "enum": ["6379"] }, + "redis_user": { "type": "string", "enum": [""] }, + "redis_cache_db": { "type": "string", "enum": ["1"] }, + "redis_celery_db": { "type": "string", "enum": ["0"] }, + "redis_ssl": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [false] }, + "ssl_cert_reqs": { "type": "string", "enum": ["CERT_NONE"] } + } + }, + "db_host": { "type": "string", "enum": ["{{ .Release.Name }}-postgres"] }, + "db_port": { "type": "string", "enum": ["5432"] }, + "db_user": { "type": "string", "enum": ["superset_user"] }, + "db_pass": { "type": "string", "enum": ["superset"] }, + "db_name": { "type": "string", "enum": ["superset"] } + } + } + } + }, + "init": { + "type": "object", + "properties": { + "createAdmin": { 
"type": "boolean", "enum": [true] }, + "adminUser": { + "type": "object", + "properties": { + "username": { "type": "string", "enum": ["admin"] }, + "firstname": { "type": "string", "enum": ["Superset"] }, + "lastname": { "type": "string", "enum": ["Admin"] }, + "email": { "type": "string", "enum": ["admin@superset.com"] }, + "password": { "type": "string", "enum": ["admin"] } + } + }, + "initscript": { "type": "string" } + } + }, + "postgres": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [true] }, + "postgresRootPassword": { "type": "string", "enum": ["superset"] }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { "type": "string", "enum": ["superset"] }, + "password": { "type": "string", "enum": ["superset"] }, + "database": { "type": "string", "enum": ["superset"] } + } + } + } + } + }, + "redis": { + "type": "object", + "properties": { + "enabled": { "type": "boolean", "enum": [true] } + } + } + } } \ No newline at end of file diff --git a/charts/superset/values.yaml b/charts/superset/values.yaml index 53af3b00..56f9d1cf 100644 --- a/charts/superset/values.yaml +++ b/charts/superset/values.yaml 
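Review bot: Every credential property in values.schema.json is pinned to a one-value `enum` (`db_pass` and `postgresRootPassword` to `"superset"`, `init.adminUser.password` to `"admin"`), and Helm validates supplied values against this schema, so an operator who sets a different password should get a validation error on install or upgrade. That makes the published default credentials effectively mandatory. For these fields the schema should constrain the shape rather than the value, e.g. `"password": { "type": "string", "minLength": 8 }`. The same applies to `db_user`, `username` and the host and port enums if they are meant to be configurable.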
@@ -1,87 +1,87 @@ -service: - nginx: - host : - tlshost : - tlsSecretname : - -resources: - requests: - cpu: 250m - memory: 250Mi - limits: - cpu: 500m - memory: 500Mi - -# SuperSet Configs -supersetNode: - connections: - # Redis Configs - redis_host: "{{ .Release.Name }}-redis-headless-service" - redis_port: "6379" - redis_user: "" - redis_cache_db: "1" - redis_celery_db: "0" - redis_ssl: - enabled: false - ssl_cert_reqs: CERT_NONE - - # Postgresql Configs - db_host: "{{ .Release.Name }}-postgres" - db_port: "5432" - db_user: superset_user - db_pass: superset - db_name: superset - - # Feature flags configuration - featureFlags: {} - - # Additional Superset configurations - config: {} - -supersetCeleryBeat: - enabled: false - -supersetCeleryFlower: - enabled: false - -init: - createAdmin: true - adminUser: - username: admin - firstname: Superset - lastname: Admin - email: admin@superset.com - password: admin - - initscript: |- - #!/bin/sh - set -eu - echo "Upgrading DB schema..." - superset db upgrade - echo "Initializing roles..." - superset init - {{ if .Values.init.createAdmin }} - echo "Creating admin user..." - superset fab create-admin \ - --username {{ .Values.init.adminUser.username }} \ - --firstname {{ .Values.init.adminUser.firstname }} \ - --lastname {{ .Values.init.adminUser.lastname }} \ - --email {{ .Values.init.adminUser.email }} \ - --password {{ .Values.init.adminUser.password }} \ - || true - {{- end }} - if [ -f "/app/configs/import_datasources.yaml" ]; then - echo "Importing database connections.... 
" - superset import_datasources -p /app/configs/import_datasources.yaml - fi - -postgres: - enabled: true - postgresRootPassword: "superset" - services: - - name : superset - password : superset - database : superset - -redis: +service: + nginx: + host : + tlshost : + tlsSecretname : + +resources: + requests: + cpu: 250m + memory: 250Mi + limits: + cpu: 500m + memory: 500Mi + +# SuperSet Configs +supersetNode: + connections: + # Redis Configs + redis_host: "{{ .Release.Name }}-redis-headless-service" + redis_port: "6379" + redis_user: "" + redis_cache_db: "1" + redis_celery_db: "0" + redis_ssl: + enabled: false + ssl_cert_reqs: CERT_NONE + + # Postgresql Configs + db_host: "{{ .Release.Name }}-postgres" + db_port: "5432" + db_user: superset_user + db_pass: superset + db_name: superset + + # Feature flags configuration + featureFlags: {} + + # Additional Superset configurations + config: {} + +supersetCeleryBeat: + enabled: false + +supersetCeleryFlower: + enabled: false + +init: + createAdmin: true + adminUser: + username: admin + firstname: Superset + lastname: Admin + email: admin@superset.com + password: admin + + initscript: |- + #!/bin/sh + set -eu + echo "Upgrading DB schema..." + superset db upgrade + echo "Initializing roles..." + superset init + {{ if .Values.init.createAdmin }} + echo "Creating admin user..." + superset fab create-admin \ + --username {{ .Values.init.adminUser.username }} \ + --firstname {{ .Values.init.adminUser.firstname }} \ + --lastname {{ .Values.init.adminUser.lastname }} \ + --email {{ .Values.init.adminUser.email }} \ + --password {{ .Values.init.adminUser.password }} \ + || true + {{- end }} + if [ -f "/app/configs/import_datasources.yaml" ]; then + echo "Importing database connections.... 
" + superset import_datasources -p /app/configs/import_datasources.yaml + fi + +postgres: + enabled: true + postgresRootPassword: "superset" + services: + - name : superset + password : superset + database : superset + +redis: enabled: true \ No newline at end of file diff --git a/charts/surrealdb/Chart.yaml b/charts/surrealdb/Chart.yaml index 3079d9b1..efaf13ed 100644 --- a/charts/surrealdb/Chart.yaml +++ b/charts/surrealdb/Chart.yaml @@ -1,11 +1,11 @@ -apiVersion: v1 -appVersion: "1.0" -description: Helm chart for deploying surrealdb -name: surrealdb -version: 0.0.3 -icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/c44b7326-00d7-4c62-bce7-ca576509d27f-10982346.png" -maintainers: - - name: ZopDev - url: zop.dev -annotations: +apiVersion: v1 +appVersion: "1.0" +description: Helm chart for deploying surrealdb +name: surrealdb +version: 0.0.3 +icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/c44b7326-00d7-4c62-bce7-ca576509d27f-10982346.png" +maintainers: + - name: ZopDev + url: zop.dev +annotations: type: datasource \ No newline at end of file diff --git a/charts/surrealdb/Readme.md b/charts/surrealdb/Readme.md index 2e6da8b2..9ebf58fa 100644 --- a/charts/surrealdb/Readme.md +++ b/charts/surrealdb/Readme.md 
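Review bot: `initscript` in values.yaml splices `{{ .Values.init.adminUser.password }}` and the other admin fields unquoted into the `superset fab create-admin` command line, so a value containing spaces or shell metacharacters is re-parsed by `/bin/sh`, and the password is exposed as a process argument. The trailing `|| true` also hides a failed admin creation. Supplying the fields as environment variables sourced from a Secret and quoting them, e.g. `--password "$ADMIN_PASSWORD"`, avoids both; `ADMIN_PASSWORD` is a constructed name, not one the chart defines. Separately, the defaults `admin`/`admin` and `postgresRootPassword: "superset"` ship as working credentials and would be better left empty and required.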
@@ -1,137 +1,137 @@ -# SurrealDB Helm Chart - -The SurrealDB Helm chart provides an easy way to deploy **SurrealDB**, a next-generation database for modern applications, in your Kubernetes cluster. SurrealDB supports SQL-like queries and is highly flexible, scalable, and efficient. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the SurrealDB Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/surrealdb -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-surrealdb zopdev/surrealdb -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the SurrealDB Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-surrealdb -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The following table lists the configurable parameters of the SurrealDB Helm chart: - -| **Input** | **Type** | **Description** | **Default** | -|---------------------------|-----------|--------------------------------------------------------------------|------------------------| -| `replicaCount` | `integer` | Number of SurrealDB replicas to deploy. | `1` | -| `image` | `string` | Docker image and tag for the SurrealDB container. | `"surrealdb/surrealdb:latest"` | -| `resources.requests.cpu` | `string` | Minimum CPU resources required by the SurrealDB container. 
| `"100m"` | -| `resources.requests.memory`| `string` | Minimum memory resources required by the SurrealDB container. | `"256M"` | -| `resources.limits.cpu` | `string` | Maximum CPU resources the SurrealDB container can use. | `"1000m"` | -| `resources.limits.memory` | `string` | Maximum memory resources the SurrealDB container can use. | `"1Gi"` | -| `diskSize` | `string` | Size of the persistent volume for SurrealDB data storage. | `"10Gi"` | -| `updateStrategy.type` | `string` | Update strategy for rolling updates. | `"RollingUpdate"` | -| `port` | `integer` | Port on which SurrealDB listens for incoming connections. | `8000` | - -Override these values in a `values.yaml` file or via command-line arguments during installation. - ---- - -### Example `values.yaml` File - -Below is an example configuration for custom installation: - -```yaml -version: v2 - -# Resource configuration -resources: - requests: - cpu: "100m" - memory: "256M" - limits: - cpu: "1000m" - memory: "1Gi" - -# disk size for surrealdb -diskSize: "10Gi" -``` - -Use the custom configuration with the following command: - -```bash -helm install my-surrealdb zopdev/surrealdb -f values.yaml -``` - ---- - -## Features - -- **Scalability:** Supports horizontal scaling with replica configuration. -- **Resource Control:** Fine-grained control over resource limits and requests for optimized performance. -- **Persistent Storage:** Configurable disk size to ensure data durability. -- **Rolling Updates:** Seamless updates with no downtime using the rolling update strategy. -- **Flexible Port Configuration:** Easily specify the port for database connections. - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). 
- ---- - -## License - +# SurrealDB Helm Chart + +The SurrealDB Helm chart provides an easy way to deploy **SurrealDB**, a next-generation database for modern applications, in your Kubernetes cluster. SurrealDB supports SQL-like queries and is highly flexible, scalable, and efficient. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the SurrealDB Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/surrealdb +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-surrealdb zopdev/surrealdb +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the SurrealDB Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-surrealdb +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The following table lists the configurable parameters of the SurrealDB Helm chart: + +| **Input** | **Type** | **Description** | **Default** | +|---------------------------|-----------|--------------------------------------------------------------------|------------------------| +| `replicaCount` | `integer` | Number of SurrealDB replicas to deploy. | `1` | +| `image` | `string` | Docker image and tag for the SurrealDB container. | `"surrealdb/surrealdb:latest"` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the SurrealDB container. 
| `"100m"` | +| `resources.requests.memory`| `string` | Minimum memory resources required by the SurrealDB container. | `"256M"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the SurrealDB container can use. | `"1000m"` | +| `resources.limits.memory` | `string` | Maximum memory resources the SurrealDB container can use. | `"1Gi"` | +| `diskSize` | `string` | Size of the persistent volume for SurrealDB data storage. | `"10Gi"` | +| `updateStrategy.type` | `string` | Update strategy for rolling updates. | `"RollingUpdate"` | +| `port` | `integer` | Port on which SurrealDB listens for incoming connections. | `8000` | + +Override these values in a `values.yaml` file or via command-line arguments during installation. + +--- + +### Example `values.yaml` File + +Below is an example configuration for custom installation: + +```yaml +version: v2 + +# Resource configuration +resources: + requests: + cpu: "100m" + memory: "256M" + limits: + cpu: "1000m" + memory: "1Gi" + +# disk size for surrealdb +diskSize: "10Gi" +``` + +Use the custom configuration with the following command: + +```bash +helm install my-surrealdb zopdev/surrealdb -f values.yaml +``` + +--- + +## Features + +- **Scalability:** Supports horizontal scaling with replica configuration. +- **Resource Control:** Fine-grained control over resource limits and requests for optimized performance. +- **Persistent Storage:** Configurable disk size to ensure data durability. +- **Rolling Updates:** Seamless updates with no downtime using the rolling update strategy. +- **Flexible Port Configuration:** Easily specify the port for database connections. + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). 
+ +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file diff --git a/charts/surrealdb/templates/configmap.yaml b/charts/surrealdb/templates/configmap.yaml index a385f587..020bdf91 100644 --- a/charts/surrealdb/templates/configmap.yaml +++ b/charts/surrealdb/templates/configmap.yaml @@ -1,8 +1,8 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ .Release.Name }}-surrealdb-service-configmap" - namespace: {{ .Release.Namespace | quote }} -data: - SURREAL_PORT: "8000" +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Release.Name }}-surrealdb-service-configmap" + namespace: {{ .Release.Namespace | quote }} +data: + SURREAL_PORT: "8000" SURREAL_HOST: "{{ $.Release.Name}}-surrealdb" \ No newline at end of file diff --git a/charts/surrealdb/templates/service.yaml b/charts/surrealdb/templates/service.yaml index 34c2c36c..a285af17 100644 --- a/charts/surrealdb/templates/service.yaml +++ b/charts/surrealdb/templates/service.yaml @@ -1,14 +1,14 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ $.Release.Name }}-surrealdb - namespace: {{ .Release.Namespace | quote }} -spec: - selector: - app.kubernetes.io/part-of: surrealdb - app: {{ $.Release.Name }}-surrealdb - type: ClusterIP - ports: - - protocol: TCP - port: 8000 +apiVersion: v1 +kind: Service +metadata: + name: {{ $.Release.Name }}-surrealdb + namespace: {{ .Release.Namespace | quote }} +spec: + selector: + app.kubernetes.io/part-of: surrealdb + app: {{ $.Release.Name }}-surrealdb + type: ClusterIP + ports: + - protocol: TCP + port: 8000 targetPort: 8000 \ No newline at end of file diff --git a/charts/surrealdb/templates/statefulset.yaml b/charts/surrealdb/templates/statefulset.yaml index 2804b7c4..b9b1d237 100644 --- a/charts/surrealdb/templates/statefulset.yaml +++ b/charts/surrealdb/templates/statefulset.yaml 
@@ -1,72 +1,72 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ $.Release.Name }}-surrealdb
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app.kubernetes.io/part-of: surrealdb
- app: {{ $.Release.Name }}-surrealdb
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/part-of: surrealdb
- app: {{ $.Release.Name }}-surrealdb
- serviceName: {{ $.Release.Name }}-surrealdb
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- app.kubernetes.io/part-of: surrealdb
- app: {{ $.Release.Name }}-surrealdb
- spec:
- containers:
- - name: surrealdb
- image: "surrealdb/surrealdb:{{ .Values.version }}"
- imagePullPolicy: "IfNotPresent"
- ports:
- - containerPort: 8000
- resources:
- requests:
- memory: {{ .Values.resources.requests.memory }}
- cpu: {{ .Values.resources.requests.cpu }}
- limits:
- memory: {{ .Values.resources.limits.memory }}
- cpu: {{ .Values.resources.limits.cpu }}
- args: [start]
- env:
- - name: SURREAL_BIND
- value: 0.0.0.0:8000
- - name: SURREALDB_DB_PATH
- value: "/var/lib/surrealdb/data/"
- - name: SURREAL_PATH
- value: memory
- - name: SURREAL_UNAUTHENTICATED
- value: "true"
- livenessProbe:
- httpGet:
- path: /health
- port: 8000
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /health
- port: 8000
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- volumeMounts:
- - name: {{ $.Release.Name }}-persistent-storage
- mountPath: /var/lib/surrealdb/data
- subPath: data
- volumeClaimTemplates:
- - metadata:
- name: {{ $.Release.Name }}-persistent-storage
- spec:
- accessModes: [ "ReadWriteOnce" ]
- resources:
- requests:
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ $.Release.Name }}-surrealdb
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app.kubernetes.io/part-of: surrealdb
+ app: {{ $.Release.Name }}-surrealdb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/part-of: surrealdb
+ app: {{ $.Release.Name }}-surrealdb
+ serviceName: {{ $.Release.Name }}-surrealdb
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: surrealdb
+ app: {{ $.Release.Name }}-surrealdb
+ spec:
+ containers:
+ - name: surrealdb
+ image: "surrealdb/surrealdb:{{ .Values.version }}"
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 8000
+ resources:
+ requests:
+ memory: {{ .Values.resources.requests.memory }}
+ cpu: {{ .Values.resources.requests.cpu }}
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
+ cpu: {{ .Values.resources.limits.cpu }}
+ args: [start]
+ env:
+ - name: SURREAL_BIND
+ value: 0.0.0.0:8000
+ - name: SURREALDB_DB_PATH
+ value: "/var/lib/surrealdb/data/"
+ - name: SURREAL_PATH
+ value: memory
+ - name: SURREAL_UNAUTHENTICATED
+ value: "true"
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ volumeMounts:
+ - name: {{ $.Release.Name }}-persistent-storage
+ mountPath: /var/lib/surrealdb/data
+ subPath: data
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ $.Release.Name }}-persistent-storage
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
 storage: {{ .Values.diskSize }}
\ No newline at end of file
diff --git a/charts/surrealdb/values.schema.json b/charts/surrealdb/values.schema.json
index c2b2919b..f911d6af 100644
--- a/charts/surrealdb/values.schema.json
+++ b/charts/surrealdb/values.schema.json
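Review bot: The container `env` list in this StatefulSet sets `SURREAL_UNAUTHENTICATED` to `"true"` while `SURREAL_BIND` is `0.0.0.0:8000`, so every client that can reach the ClusterIP Service on port 8000 gets database access without credentials. No NetworkPolicy for this chart is visible in the diff, so other pods in the cluster are presumably in scope as well. I would drop the `- name: SURREAL_UNAUTHENTICATED` / `value: "true"` pair and supply root credentials through `SURREAL_USER` and `SURREAL_PASS` taken from a Secret with `secretKeyRef`, or at least gate the setting behind a chart value that defaults to off. Separately, `SURREAL_PATH` is `memory` although a volume is mounted at `/var/lib/surrealdb/data`, so the claimed disk looks unused and data would not survive a restart; worth confirming against the intended storage backend.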
@@ -1,76 +1,76 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "version": { - "type": "string", - "default": "v2", - "mutable": true, - "description": "SurrealDB version to use" - - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "pattern": "^[0-9]+m$", - "default": "100m", - "mutable": true, - "description": "CPU request for SurrealDB" - }, - "memory": { - "type": "string", - "pattern": "^[0-9]+M$", - "default": "256M", - "mutable": true, - "description": "Memory request for SurrealDB" - } - } - }, - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "pattern": "^[0-9]+m$", - "default": "1000m", - "mutable": true, - "description": "CPU limit for SurrealDB" - }, - "memory": { - "type": "string", - "pattern": "^[0-9]+Gi$", - "default": "1Gi", - "mutable": true, - "description": "Memory limit for SurrealDB" - } - } - } - } - }, - "diskSize": { - "type": "string", - "pattern": "^[0-9]+Gi$", - "default": "10Gi", - "mutable": true, - "description": "Disk size for SurrealDB data", - "editDisabled": true - }, - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": ["name"] - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "version": { + "type": "string", + "default": "v2", + "mutable": true, + "description": "SurrealDB version to use" + + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "pattern": "^[0-9]+m$", + "default": "100m", + "mutable": true, + "description": "CPU request for SurrealDB" + }, + "memory": { + "type": "string", + "pattern": "^[0-9]+M$", + "default": "256M", + "mutable": true, + "description": "Memory request for SurrealDB" + } + } + 
}, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "pattern": "^[0-9]+m$", + "default": "1000m", + "mutable": true, + "description": "CPU limit for SurrealDB" + }, + "memory": { + "type": "string", + "pattern": "^[0-9]+Gi$", + "default": "1Gi", + "mutable": true, + "description": "Memory limit for SurrealDB" + } + } + } + } + }, + "diskSize": { + "type": "string", + "pattern": "^[0-9]+Gi$", + "default": "10Gi", + "mutable": true, + "description": "Disk size for SurrealDB data", + "editDisabled": true + }, + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": ["name"] + } + } + } } \ No newline at end of file diff --git a/charts/surrealdb/values.yaml b/charts/surrealdb/values.yaml index b6f6106b..4aeb05e7 100644 --- a/charts/surrealdb/values.yaml +++ b/charts/surrealdb/values.yaml @@ -1,19 +1,19 @@ -# values.yaml for SurrealDB Helm chart - -# image version for surrealdb -version: v2 - -# Resource configuration -resources: - requests: - cpu: "100m" - memory: "256M" - limits: - cpu: "1000m" - memory: "1Gi" - -# disk size for surrealdb -diskSize: "10Gi" - - - +# values.yaml for SurrealDB Helm chart + +# image version for surrealdb +version: v2 + +# Resource configuration +resources: + requests: + cpu: "100m" + memory: "256M" + limits: + cpu: "1000m" + memory: "1Gi" + +# disk size for surrealdb +diskSize: "10Gi" + + + diff --git a/charts/wordpress/Chart.lock b/charts/wordpress/Chart.lock index ea9fd79f..47b97139 100644 --- a/charts/wordpress/Chart.lock +++ b/charts/wordpress/Chart.lock 
@@ -1,9 +1,9 @@
-dependencies:
-- name: mysql
- repository: https://helm.zop.dev
- version: v0.0.3
-- name: service
- repository: https://helm.zop.dev
- version: v0.0.17
-digest: sha256:6d0631affe044d16df531011a7c84c0f73d4f6f4be5bfac2503881e6e0381407
-generated: "2025-03-10T12:07:57.005141+05:30"
+dependencies:
+- name: mysql
+ repository: https://helm.zop.dev
+ version: v0.0.3
+- name: service
+ repository: https://helm.zop.dev
+ version: v0.0.17
+digest: sha256:6d0631affe044d16df531011a7c84c0f73d4f6f4be5bfac2503881e6e0381407
+generated: "2025-03-10T12:07:57.005141+05:30"
diff --git a/charts/wordpress/Chart.yaml b/charts/wordpress/Chart.yaml
index 33dd7f9f..98a211ba 100644
--- a/charts/wordpress/Chart.yaml
+++ b/charts/wordpress/Chart.yaml
@@ -1,19 +1,19 @@
-apiVersion: v2
-appVersion: "1.0"
-description: Helm chart for deploying WordPress app
-name: wordpress
-version: 0.0.6
-type: application
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg"
-dependencies:
- - name: mysql
- repository: "https://helm.zop.dev"
- version: 0.0.3
- - name: service
- repository: "https://helm.zop.dev"
- version: 0.0.17
-maintainers:
- - name: ZopDev
- url: zop.dev
-annotations:
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for deploying WordPress app
+name: wordpress
+version: 0.0.6
+type: application
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg"
+dependencies:
+ - name: mysql
+ repository: "https://helm.zop.dev"
+ version: 0.0.3
+ - name: service
+ repository: "https://helm.zop.dev"
+ version: 0.0.17
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+annotations:
 type: application
\ No newline at end of file
diff --git a/charts/wordpress/README.md b/charts/wordpress/README.md
index 70c8b0b4..0155f4cc 100644
--- a/charts/wordpress/README.md
+++ b/charts/wordpress/README.md
@@ -1,247 +1,247 @@ -# WordPress Helm Chart - -This Helm chart deploys WordPress, the world's most popular content management system, on Kubernetes. WordPress provides a flexible and user-friendly platform for creating websites, blogs, and web applications. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ -- kubectl configured to communicate with your cluster -- MySQL database (automatically installed as a dependency) - ---- - -## Dependencies - -Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: - -```bash -helm dependency build -``` - -This command will: -1. Read the dependencies from `Chart.yaml` -2. Download the required charts (MySQL and Service) from the specified repositories -3. Store them in the `charts/` directory -4. Create or update the `Chart.lock` file with the exact versions - -If you encounter any issues with the dependencies, you can try: -```bash -helm dependency update # Updates dependencies to the latest versions -``` - -This chart requires the following dependencies to be installed: - -### MySQL -- **Chart**: `mysql` -- **Version**: `0.0.3` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Provides the primary database for WordPress content and configuration - -### Service -- **Chart**: `service` -- **Version**: `0.0.17` -- **Repository**: `https://helm.zop.dev` -- **Purpose**: Manages the WordPress application deployment and service configuration - -To install these dependencies automatically, ensure the following in your `values.yaml`: - -```yaml -mysql: - enabled: true - # Additional MySQL configuration... - -service: - enabled: true - # Additional service configuration... -``` - -The dependencies will be automatically installed when you deploy the WordPress chart. You can customize their configuration through the respective sections in your `values.yaml` file. 
- ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the WordPress Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/wordpress -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-wordpress zopdev/wordpress -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the WordPress Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-wordpress -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The WordPress Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: - -### Service Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `service.name` | `string` | Name of the WordPress service. | `"wordpress"` | -| `service.image` | `string` | Docker image for WordPress. | `"wordpress:latest"` | -| `service.minCPU` | `string` | Minimum CPU resources required. | `"250m"` | -| `service.minMemory` | `string` | Minimum memory resources required. | `"1000Mi"` | -| `service.maxCPU` | `string` | Maximum CPU resources allowed. | `"500m"` | -| `service.maxMemory` | `string` | Maximum memory resources allowed. 
| `"1500Mi"` | -| `service.minReplicas` | `integer` | Minimum number of replicas. | `1` | -| `service.maxReplicas` | `integer` | Maximum number of replicas. | `1` | -| `service.httpPort` | `integer` | HTTP port for the WordPress service. | `80` | - -### Environment Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `service.env.WORDPRESS_DB_HOST` | `string` | MySQL database host. | `"$(DB_HOST):$(DB_PORT)"` | -| `service.env.WORDPRESS_DB_USER` | `string` | MySQL database username. | `"$(DB_USER)"` | -| `service.env.WORDPRESS_DB_PASSWORD` | `string` | MySQL database password. | `"$(DB_PASSWORD)"` | -| `service.env.WORDPRESS_DB_NAME` | `string` | MySQL database name. | `"$(DB_NAME)"` | - -### MySQL Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `mysql.services[0].name` | `string` | Name of the MySQL service. | `"wordpress"` | -| `mysql.services[0].database` | `string` | Name of the MySQL database. | `"wordpress"` | - -### Ingress Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `service.nginx.annotations` | `object` | Nginx ingress annotations. 
| `{}` | - ---- - -## Example `values.yaml` - -```yaml -mysql: - services: - - name: wordpress - database: wordpress - -service: - name: wordpress - image: wordpress:latest - minCPU: "250m" - minMemory: "1000Mi" - maxCPU: "500m" - maxMemory: "1500Mi" - minReplicas: 1 - maxReplicas: 1 - - env: - WORDPRESS_DB_HOST: "$(DB_HOST):$(DB_PORT)" - WORDPRESS_DB_USER: "$(DB_USER)" - WORDPRESS_DB_PASSWORD: "$(DB_PASSWORD)" - WORDPRESS_DB_NAME: "$(DB_NAME)" - - datastores: - mysql: - - datastore: wordpress - database: wordpress - - httpPort: 80 -``` - ---- - -## Features - -- Deploys WordPress with all dependencies -- Automatic MySQL database setup -- Configurable resource limits and requests -- Horizontal pod autoscaling support -- Ingress configuration for external access -- Environment variable configuration -- Database connection management -- Persistent storage for uploads -- Customizable WordPress settings -- Nginx ingress support - ---- - -## Architecture - -The WordPress deployment includes: -- WordPress application pods -- MySQL database (dependency) -- Persistent volume for uploads -- Ingress configuration for external access -- Environment variable configuration -- Database connection management -- Health check endpoints -- Resource management - ---- - -## Security Features - -- Database password management -- Ingress authentication support -- Resource limits and requests -- Secure environment variable handling -- Database connection security -- Pod security context -- Network policies - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# WordPress Helm Chart + +This Helm chart deploys WordPress, the world's most popular content management system, on Kubernetes. 
WordPress provides a flexible and user-friendly platform for creating websites, blogs, and web applications. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- kubectl configured to communicate with your cluster +- MySQL database (automatically installed as a dependency) + +--- + +## Dependencies + +Before installing the chart, you need to download the required dependencies. Run the following command in the chart directory: + +```bash +helm dependency build +``` + +This command will: +1. Read the dependencies from `Chart.yaml` +2. Download the required charts (MySQL and Service) from the specified repositories +3. Store them in the `charts/` directory +4. Create or update the `Chart.lock` file with the exact versions + +If you encounter any issues with the dependencies, you can try: +```bash +helm dependency update # Updates dependencies to the latest versions +``` + +This chart requires the following dependencies to be installed: + +### MySQL +- **Chart**: `mysql` +- **Version**: `0.0.3` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Provides the primary database for WordPress content and configuration + +### Service +- **Chart**: `service` +- **Version**: `0.0.17` +- **Repository**: `https://helm.zop.dev` +- **Purpose**: Manages the WordPress application deployment and service configuration + +To install these dependencies automatically, ensure the following in your `values.yaml`: + +```yaml +mysql: + enabled: true + # Additional MySQL configuration... + +service: + enabled: true + # Additional service configuration... +``` + +The dependencies will be automatically installed when you deploy the WordPress chart. You can customize their configuration through the respective sections in your `values.yaml` file. 
+ +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the WordPress Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/wordpress +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-wordpress zopdev/wordpress +``` + +You can override default values during installation by providing a `values.yaml` file. + +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the WordPress Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-wordpress +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The WordPress Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +### Service Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `service.name` | `string` | Name of the WordPress service. | `"wordpress"` | +| `service.image` | `string` | Docker image for WordPress. | `"wordpress:latest"` | +| `service.minCPU` | `string` | Minimum CPU resources required. | `"250m"` | +| `service.minMemory` | `string` | Minimum memory resources required. | `"1000Mi"` | +| `service.maxCPU` | `string` | Maximum CPU resources allowed. | `"500m"` | +| `service.maxMemory` | `string` | Maximum memory resources allowed. 
| `"1500Mi"` | +| `service.minReplicas` | `integer` | Minimum number of replicas. | `1` | +| `service.maxReplicas` | `integer` | Maximum number of replicas. | `1` | +| `service.httpPort` | `integer` | HTTP port for the WordPress service. | `80` | + +### Environment Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `service.env.WORDPRESS_DB_HOST` | `string` | MySQL database host. | `"$(DB_HOST):$(DB_PORT)"` | +| `service.env.WORDPRESS_DB_USER` | `string` | MySQL database username. | `"$(DB_USER)"` | +| `service.env.WORDPRESS_DB_PASSWORD` | `string` | MySQL database password. | `"$(DB_PASSWORD)"` | +| `service.env.WORDPRESS_DB_NAME` | `string` | MySQL database name. | `"$(DB_NAME)"` | + +### MySQL Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `mysql.services[0].name` | `string` | Name of the MySQL service. | `"wordpress"` | +| `mysql.services[0].database` | `string` | Name of the MySQL database. | `"wordpress"` | + +### Ingress Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `service.nginx.annotations` | `object` | Nginx ingress annotations. 
| `{}` | + +--- + +## Example `values.yaml` + +```yaml +mysql: + services: + - name: wordpress + database: wordpress + +service: + name: wordpress + image: wordpress:latest + minCPU: "250m" + minMemory: "1000Mi" + maxCPU: "500m" + maxMemory: "1500Mi" + minReplicas: 1 + maxReplicas: 1 + + env: + WORDPRESS_DB_HOST: "$(DB_HOST):$(DB_PORT)" + WORDPRESS_DB_USER: "$(DB_USER)" + WORDPRESS_DB_PASSWORD: "$(DB_PASSWORD)" + WORDPRESS_DB_NAME: "$(DB_NAME)" + + datastores: + mysql: + - datastore: wordpress + database: wordpress + + httpPort: 80 +``` + +--- + +## Features + +- Deploys WordPress with all dependencies +- Automatic MySQL database setup +- Configurable resource limits and requests +- Horizontal pod autoscaling support +- Ingress configuration for external access +- Environment variable configuration +- Database connection management +- Persistent storage for uploads +- Customizable WordPress settings +- Nginx ingress support + +--- + +## Architecture + +The WordPress deployment includes: +- WordPress application pods +- MySQL database (dependency) +- Persistent volume for uploads +- Ingress configuration for external access +- Environment variable configuration +- Database connection management +- Health check endpoints +- Resource management + +--- + +## Security Features + +- Database password management +- Ingress authentication support +- Resource limits and requests +- Secure environment variable handling +- Database connection security +- Pod security context +- Network policies + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file 
diff --git a/charts/wordpress/values.schema.json b/charts/wordpress/values.schema.json
index fa3e269a..56e2c565 100644
--- a/charts/wordpress/values.schema.json
+++ b/charts/wordpress/values.schema.json
@@ -1,70 +1,70 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "type": "object", - "properties": { - "mysql": { - "type": "object", - "properties": { - "services": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { "type": "string", "enum": ["wordpress"] }, - "database": { "type": "string", "enum": ["wordpress"] } - }, - "required": ["name", "database"] - } - } - } - }, - "service": { - "type": "object", - "properties": { - "name": { "type": "string", "enum": ["wordpress"] }, - "image": { "type": "string", "enum": ["wordpress:php8.4"] }, - "minCPU": { "type": "string", "default": "250m", "mutable": true }, - "minMemory": { "type": "string", "default": "1000Mi", "mutable": true }, - "maxCPU": { "type": "string", "default": "500m", "mutable": true }, - "maxMemory": { "type": "string", "default": "1500Mi", "mutable": true }, - "minReplicas": { "type": "integer", "enum": [1] }, - "maxReplicas": { "type": "integer", "enum": [1] }, - "env": { - "type": "object", - "properties": { - "WORDPRESS_DB_HOST": { "type": "string", - "enum": ["$(DB_HOST):$(DB_PORT)"] - }, - "WORDPRESS_DB_USER": { "type": "string", - "enum": ["$(DB_USER)"] - }, - "WORDPRESS_DB_PASSWORD": { "type": "string", - "enum": ["$(DB_PASSWORD)"] - }, - "WORDPRESS_DB_NAME": { "type": "string", - "enum": ["$(DB_NAME)"] - } - }, - "required": ["WORDPRESS_DB_HOST", "WORDPRESS_DB_USER", "WORDPRESS_DB_PASSWORD", "WORDPRESS_DB_NAME"] - }, - "datastores": { - "type": "object", - "properties": { - "mysql": { - "type": "array", - "items": { - "type": "object", - "properties": { - "datastore": { "type": "string", "enum": ["wordpress"] }, - "database": { "type": "string", "enum": ["wordpress"] } - }, - "required": ["datastore", "database"] - } - } - } - }, - "httpPort": { "type": "integer", "enum": [80] } - } - } - } +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "mysql": { + "type": "object", + "properties": { + 
"services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { "type": "string", "enum": ["wordpress"] }, + "database": { "type": "string", "enum": ["wordpress"] } + }, + "required": ["name", "database"] + } + } + } + }, + "service": { + "type": "object", + "properties": { + "name": { "type": "string", "enum": ["wordpress"] }, + "image": { "type": "string", "enum": ["wordpress:php8.4"] }, + "minCPU": { "type": "string", "default": "250m", "mutable": true }, + "minMemory": { "type": "string", "default": "1000Mi", "mutable": true }, + "maxCPU": { "type": "string", "default": "500m", "mutable": true }, + "maxMemory": { "type": "string", "default": "1500Mi", "mutable": true }, + "minReplicas": { "type": "integer", "enum": [1] }, + "maxReplicas": { "type": "integer", "enum": [1] }, + "env": { + "type": "object", + "properties": { + "WORDPRESS_DB_HOST": { "type": "string", + "enum": ["$(DB_HOST):$(DB_PORT)"] + }, + "WORDPRESS_DB_USER": { "type": "string", + "enum": ["$(DB_USER)"] + }, + "WORDPRESS_DB_PASSWORD": { "type": "string", + "enum": ["$(DB_PASSWORD)"] + }, + "WORDPRESS_DB_NAME": { "type": "string", + "enum": ["$(DB_NAME)"] + } + }, + "required": ["WORDPRESS_DB_HOST", "WORDPRESS_DB_USER", "WORDPRESS_DB_PASSWORD", "WORDPRESS_DB_NAME"] + }, + "datastores": { + "type": "object", + "properties": { + "mysql": { + "type": "array", + "items": { + "type": "object", + "properties": { + "datastore": { "type": "string", "enum": ["wordpress"] }, + "database": { "type": "string", "enum": ["wordpress"] } + }, + "required": ["datastore", "database"] + } + } + } + }, + "httpPort": { "type": "integer", "enum": [80] } + } + } + } } \ No newline at end of file diff --git a/charts/wordpress/values.yaml b/charts/wordpress/values.yaml index d6463226..05c26d46 100644 --- a/charts/wordpress/values.yaml +++ b/charts/wordpress/values.yaml 
@@ -1,35 +1,35 @@ -mysql: - services: - - name: wordpress - database: wordpress - -service: - name: wordpress - image: wordpress:php8.4 - minCPU: "250m" - minMemory: "1000Mi" - maxCPU: "500m" - maxMemory: "1500Mi" - minReplicas: 1 - maxReplicas: 1 - - nginx: - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/auth-realm: '' - nginx.ingress.kubernetes.io/auth-secret: '' - nginx.ingress.kubernetes.io/auth-type: '' - - env: - WORDPRESS_DB_HOST: "$(DB_HOST):$(DB_PORT)" - WORDPRESS_DB_USER: "$(DB_USER)" - WORDPRESS_DB_PASSWORD: "$(DB_PASSWORD)" - WORDPRESS_DB_NAME: "$(DB_NAME)" - - datastores: - mysql: - - datastore: wordpress - database: wordpress - - +mysql: + services: + - name: wordpress + database: wordpress + +service: + name: wordpress + image: wordpress:php8.4 + minCPU: "250m" + minMemory: "1000Mi" + maxCPU: "500m" + maxMemory: "1500Mi" + minReplicas: 1 + maxReplicas: 1 + + nginx: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/auth-realm: '' + nginx.ingress.kubernetes.io/auth-secret: '' + nginx.ingress.kubernetes.io/auth-type: '' + + env: + WORDPRESS_DB_HOST: "$(DB_HOST):$(DB_PORT)" + WORDPRESS_DB_USER: "$(DB_USER)" + WORDPRESS_DB_PASSWORD: "$(DB_PASSWORD)" + WORDPRESS_DB_NAME: "$(DB_NAME)" + + datastores: + mysql: + - datastore: wordpress + database: wordpress + + httpPort: 80 \ No newline at end of file diff --git a/charts/zookeeper-operator/Chart.yaml b/charts/zookeeper-operator/Chart.yaml index fe2e8a8c..1bf52890 100644 --- a/charts/zookeeper-operator/Chart.yaml +++ b/charts/zookeeper-operator/Chart.yaml 
@@ -1,9 +1,9 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Deploying Zookeeper Operator on Kubernetes
-name: zookeeper-operator
-version: 0.0.1
-icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250407/69625503-f6f1-4521-9c14-1d262ee8683b-zookeeper.png"
-maintainers:
- - name: ZopDev
+apiVersion: v2
+appVersion: "1.0"
+description: A Helm chart for Deploying Zookeeper Operator on Kubernetes
+name: zookeeper-operator
+version: 0.0.1
+icon: "https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250407/69625503-f6f1-4521-9c14-1d262ee8683b-zookeeper.png"
+maintainers:
+ - name: ZopDev
 url: zop.dev
\ No newline at end of file
diff --git a/charts/zookeeper-operator/README.md b/charts/zookeeper-operator/README.md
index c64c18b0..da3fbd80 100644
--- a/charts/zookeeper-operator/README.md
+++ b/charts/zookeeper-operator/README.md
@@ -1,181 +1,181 @@ -# Zookeeper Operator Helm Chart - -This Helm chart deploys the Zookeeper Operator, a Kubernetes operator that manages Apache Zookeeper clusters. The operator automates the deployment, scaling, and management of Zookeeper clusters in a Kubernetes environment. - ---- - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.0+ -- kubectl configured to communicate with your cluster -- Cluster admin privileges for CRD installation - ---- - -## Add Helm Repository - -Add the Helm repository by running: - -```bash -helm repo add zopdev https://helm.zop.dev -helm repo update -``` - -For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). - ---- - -## Install Helm Chart - -To deploy the Zookeeper Operator Helm chart, use the following command: - -```bash -helm install [RELEASE_NAME] zopdev/zookeeper-operator -``` - -Replace `[RELEASE_NAME]` with your desired release name. Example: - -```bash -helm install my-zookeeper-operator zopdev/zookeeper-operator -``` - -You can override default values during installation by providing a `values.yaml` file. - -Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. - ---- - -## Uninstall Helm Chart - -To remove the Zookeeper Operator Helm chart and associated resources, run: - -```bash -helm uninstall [RELEASE_NAME] -``` - -Example: - -```bash -helm uninstall my-zookeeper-operator -``` - -Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. - ---- - -## Configuration - -The Zookeeper Operator Helm chart includes several configuration options to tailor the deployment to your needs. 
Below is a summary of the key configurations: - -### CRD Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `crd.create` | `boolean` | Whether to create the Zookeeper CRD. | `true` | - -### Resource Configuration - -| **Input** | **Type** | **Description** | **Default** | -|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| -| `resources.requests.cpu` | `string` | CPU resource requests for the operator. | `"100m"` | -| `resources.requests.memory` | `string` | Memory resource requests for the operator. | `"128Mi"` | -| `resources.limits.cpu` | `string` | CPU resource limits for the operator. | `"200m"` | -| `resources.limits.memory` | `string` | Memory resource limits for the operator. | `"256Mi"` | - ---- - -## Example `values.yaml` - -```yaml -crd: - create: true - -resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "200m" - memory: "256Mi" -``` - ---- - -## Features - -- Automated Zookeeper cluster management -- Custom Resource Definition (CRD) for Zookeeper clusters -- Resource management for the operator -- Automatic CRD installation -- Kubernetes-native deployment -- Operator lifecycle management -- Resource limits and requests configuration - ---- - -## Architecture - -The Zookeeper Operator deployment includes: -- Operator pod for managing Zookeeper clusters -- Custom Resource Definition (CRD) for Zookeeper resources -- Resource management configuration -- Kubernetes controller for Zookeeper operations -- Event handling and reconciliation -- Health monitoring -- Resource management - ---- - -## Security Features - -- Resource limits and requests -- RBAC configuration -- Pod security context -- Network policies -- Operator security -- 
CRD security - ---- - -## Usage - -After installing the Zookeeper Operator, you can create Zookeeper clusters using the custom resource. Here's an example: - -```yaml -crd: - create: true - -resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "200m" - memory: "256Mi" -``` - -The operator will automatically: -1. Create the necessary Kubernetes resources -2. Manage the Zookeeper cluster lifecycle -3. Handle scaling operations -4. Monitor cluster health -5. Perform automated maintenance - ---- - -## Contributing - -We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. - ---- - -## Code of Conduct - -To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). - ---- - -## License - +# Zookeeper Operator Helm Chart + +This Helm chart deploys the Zookeeper Operator, a Kubernetes operator that manages Apache Zookeeper clusters. The operator automates the deployment, scaling, and management of Zookeeper clusters in a Kubernetes environment. + +--- + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- kubectl configured to communicate with your cluster +- Cluster admin privileges for CRD installation + +--- + +## Add Helm Repository + +Add the Helm repository by running: + +```bash +helm repo add zopdev https://helm.zop.dev +helm repo update +``` + +For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/). + +--- + +## Install Helm Chart + +To deploy the Zookeeper Operator Helm chart, use the following command: + +```bash +helm install [RELEASE_NAME] zopdev/zookeeper-operator +``` + +Replace `[RELEASE_NAME]` with your desired release name. Example: + +```bash +helm install my-zookeeper-operator zopdev/zookeeper-operator +``` + +You can override default values during installation by providing a `values.yaml` file. 
+ +Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details. + +--- + +## Uninstall Helm Chart + +To remove the Zookeeper Operator Helm chart and associated resources, run: + +```bash +helm uninstall [RELEASE_NAME] +``` + +Example: + +```bash +helm uninstall my-zookeeper-operator +``` + +Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information. + +--- + +## Configuration + +The Zookeeper Operator Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations: + +### CRD Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `crd.create` | `boolean` | Whether to create the Zookeeper CRD. | `true` | + +### Resource Configuration + +| **Input** | **Type** | **Description** | **Default** | +|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------| +| `resources.requests.cpu` | `string` | CPU resource requests for the operator. | `"100m"` | +| `resources.requests.memory` | `string` | Memory resource requests for the operator. | `"128Mi"` | +| `resources.limits.cpu` | `string` | CPU resource limits for the operator. | `"200m"` | +| `resources.limits.memory` | `string` | Memory resource limits for the operator. 
| `"256Mi"` | + +--- + +## Example `values.yaml` + +```yaml +crd: + create: true + +resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "200m" + memory: "256Mi" +``` + +--- + +## Features + +- Automated Zookeeper cluster management +- Custom Resource Definition (CRD) for Zookeeper clusters +- Resource management for the operator +- Automatic CRD installation +- Kubernetes-native deployment +- Operator lifecycle management +- Resource limits and requests configuration + +--- + +## Architecture + +The Zookeeper Operator deployment includes: +- Operator pod for managing Zookeeper clusters +- Custom Resource Definition (CRD) for Zookeeper resources +- Resource management configuration +- Kubernetes controller for Zookeeper operations +- Event handling and reconciliation +- Health monitoring +- Resource management + +--- + +## Security Features + +- Resource limits and requests +- RBAC configuration +- Pod security context +- Network policies +- Operator security +- CRD security + +--- + +## Usage + +After installing the Zookeeper Operator, you can create Zookeeper clusters using the custom resource. Here's an example: + +```yaml +crd: + create: true + +resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "200m" + memory: "256Mi" +``` + +The operator will automatically: +1. Create the necessary Kubernetes resources +2. Manage the Zookeeper cluster lifecycle +3. Handle scaling operations +4. Monitor cluster health +5. Perform automated maintenance + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. \ No newline at end of file 
diff --git a/charts/zookeeper-operator/templates/_helpers.tpl b/charts/zookeeper-operator/templates/_helpers.tpl index 0ae60f3d..2c565126 100644 --- a/charts/zookeeper-operator/templates/_helpers.tpl +++ b/charts/zookeeper-operator/templates/_helpers.tpl 
@@ -1,26 +1,26 @@ -{{- define "zookeeper-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "zookeeper-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "zookeeper-operator.commonLabels" -}} -app.kubernetes.io/name: {{ include "zookeeper-operator.name" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - +{{- define "zookeeper-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "zookeeper-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "zookeeper-operator.commonLabels" -}} +app.kubernetes.io/name: {{ include "zookeeper-operator.name" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" +{{- end -}} + 
diff --git a/charts/zookeeper-operator/templates/clusterrole.yaml b/charts/zookeeper-operator/templates/clusterrole.yaml
index e5e56ad2..6d5fbf1b 100644
--- a/charts/zookeeper-operator/templates/clusterrole.yaml
+++ b/charts/zookeeper-operator/templates/clusterrole.yaml
@@ -1,42 +1,42 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "zookeeper-operator.fullname" . }}
- labels:
-{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
-rules:
-- apiGroups:
- - zookeeper.pravega.io
- resources:
- - "*"
- verbs:
- - "*"
-- apiGroups:
- - ""
- resources:
- - nodes
- - pods
- - services
- - endpoints
- - persistentvolumeclaims
- - events
- - configmaps
- - secrets
- - serviceaccounts
- verbs:
- - "*"
-- apiGroups:
- - apps
- resources:
- - deployments
- - daemonsets
- - replicasets
- - statefulsets
- verbs:
- - "*"
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - "*"
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "zookeeper-operator.fullname" . }}
+ labels:
+{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
+rules:
+- apiGroups:
+ - zookeeper.pravega.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ - serviceaccounts
+ verbs:
+ - "*"
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - "*"
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - "*"
diff --git a/charts/zookeeper-operator/templates/clusterrolebinding.yaml b/charts/zookeeper-operator/templates/clusterrolebinding.yaml
index 1e8ccd4d..937b2ddc 100644
--- a/charts/zookeeper-operator/templates/clusterrolebinding.yaml
+++ b/charts/zookeeper-operator/templates/clusterrolebinding.yaml
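Review bot: The second rule of this ClusterRole grants `"*"` verbs on `secrets`, `configmaps`, `serviceaccounts` and `nodes` in the core API group, and clusterrolebinding.yaml binds the role cluster-wide to the `zookeeper-operator` ServiceAccount, so a compromise of the operator pod reaches every Secret in the cluster. The same wildcard verbs appear in role.yaml. I would move `secrets` and `nodes` into their own rule with read-only verbs, `verbs: ["get", "list", "watch"]`, and enumerate the verbs on the remaining resources instead of `"*"`; the exact set the operator needs is not visible here and should be confirmed against its source. Since operator.yaml sets `WATCH_NAMESPACE` to `""`, the cluster-wide binding is presumably intentional, but rendering the ClusterRole and its binding only when all-namespace watching is requested would let single-namespace installs rely on the namespaced Role alone.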
@@ -1,14 +1,14 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "zookeeper-operator.fullname" . }}
- labels:
-{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
-subjects:
-- kind: ServiceAccount
- name: zookeeper-operator
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: {{ template "zookeeper-operator.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "zookeeper-operator.fullname" . }}
+ labels:
+{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: zookeeper-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ template "zookeeper-operator.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/zookeeper-operator/templates/operator.yaml b/charts/zookeeper-operator/templates/operator.yaml
index d66fc0ce..0a8a493d 100644
--- a/charts/zookeeper-operator/templates/operator.yaml
+++ b/charts/zookeeper-operator/templates/operator.yaml
@@ -1,42 +1,42 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "zookeeper-operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "zookeeper-operator.commonLabels" . | indent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - name: {{ template "zookeeper-operator.fullname" . }} - template: - metadata: - labels: - name: {{ template "zookeeper-operator.fullname" . }} - component: zookeeper-operator - spec: - serviceAccountName: zookeeper-operator - containers: - - name: {{ template "zookeeper-operator.fullname" . }} - image: "pravega/zookeeper-operator:0.2.15" - imagePullPolicy: IfNotPresent - ports: - - containerPort: 6000 - name: metrics - command: - - zookeeper-operator - env: - - name: WATCH_NAMESPACE - value: "" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: {{ template "zookeeper-operator.fullname" . }} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- end }} - +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "zookeeper-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "zookeeper-operator.commonLabels" . | indent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + name: {{ template "zookeeper-operator.fullname" . }} + template: + metadata: + labels: + name: {{ template "zookeeper-operator.fullname" . }} + component: zookeeper-operator + spec: + serviceAccountName: zookeeper-operator + containers: + - name: {{ template "zookeeper-operator.fullname" . }} + image: "pravega/zookeeper-operator:0.2.15" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 6000 + name: metrics + command: + - zookeeper-operator + env: + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: {{ template "zookeeper-operator.fullname" . 
}} + {{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- end }} + diff --git a/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml b/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml index 88ab569a..890238a4 100644 --- a/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml +++ b/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml 
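Review bot: The operator container in this Deployment has no `securityContext`, although it runs as the `zookeeper-operator` ServiceAccount that the chart binds to wildcard RBAC rules, and the chart's README lists "Pod security context" among its security features. Adding a restrictive container `securityContext` next to `imagePullPolicy`, as sketched below, would close that gap; whether the `pravega/zookeeper-operator:0.2.15` image already runs as a non-root user is not visible here and needs checking before `runAsNonRoot` is enabled. The image is also referenced by tag only, so pinning it as `image: "pravega/zookeeper-operator@sha256:<digest-placeholder>"` would fix the exact binary that gets these permissions.

```yaml
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
        # … unchanged: ports, command, env, resources …
```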
@@ -1,107 +1,107 @@ -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -rules: -- apiGroups: - - zookeeper.pravega.io - resources: - - "*" - verbs: - - get -- apiGroups: - - extensions - resources: - - "deployments" - verbs: - - get ---- - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -subjects: -- kind: ServiceAccount - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - namespace: {{.Release.Namespace}} -roleRef: - kind: Role - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - apiGroup: rbac.authorization.k8s.io - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "zookeeper-operator.fullname" . 
}}-post-install-upgrade - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -data: - validations.sh: | - #!/bin/sh - set -e - sleep 30 - - if [ -z "$(kubectl api-resources | grep ZookeeperCluster)" ]; then - exit 1 - fi ---- - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -spec: - backoffLimit: 10 - template: - metadata: - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - spec: - serviceAccountName: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - restartPolicy: Never - containers: - - name: post-install-upgrade-job - image: "lachlanevenson/k8s-kubectl:v1.23.2" - command: - - /scripts/validations.sh - volumeMounts: - - name: sh - mountPath: /scripts - readOnly: true - volumes: - - name: sh - configMap: - name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade - defaultMode: 0555 +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +rules: +- apiGroups: + - zookeeper.pravega.io + resources: + - "*" + verbs: + - get +- apiGroups: + - extensions + resources: + - "deployments" + verbs: + - get +--- + +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "zookeeper-operator.fullname" . 
}}-post-install-upgrade + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +subjects: +- kind: ServiceAccount + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + namespace: {{.Release.Namespace}} +roleRef: + kind: Role + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + apiGroup: rbac.authorization.k8s.io + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +data: + validations.sh: | + #!/bin/sh + set -e + sleep 30 + + if [ -z "$(kubectl api-resources | grep ZookeeperCluster)" ]; then + exit 1 + fi +--- + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +spec: + backoffLimit: 10 + template: + metadata: + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + spec: + serviceAccountName: {{ template "zookeeper-operator.fullname" . 
}}-post-install-upgrade + restartPolicy: Never + containers: + - name: post-install-upgrade-job + image: "lachlanevenson/k8s-kubectl:v1.23.2" + command: + - /scripts/validations.sh + volumeMounts: + - name: sh + mountPath: /scripts + readOnly: true + volumes: + - name: sh + configMap: + name: {{ template "zookeeper-operator.fullname" . }}-post-install-upgrade + defaultMode: 0555 diff --git a/charts/zookeeper-operator/templates/pre-delete-hooks.yaml b/charts/zookeeper-operator/templates/pre-delete-hooks.yaml index 5d16ace8..01531f48 100644 --- a/charts/zookeeper-operator/templates/pre-delete-hooks.yaml +++ b/charts/zookeeper-operator/templates/pre-delete-hooks.yaml 
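Review bot: The hook Job pulls `lachlanevenson/k8s-kubectl:v1.23.2`, a third-party image referenced by a mutable tag, and runs it under the hook's ServiceAccount; pre-delete-hooks.yaml uses the same image. I would pin it by digest or switch to an image the project controls, for example `image: "<registry>/<kubectl-image>@sha256:<digest-placeholder>"`. Separately, the Role grants `get` on `deployments` in the `extensions` API group, which Kubernetes 1.16 and later no longer serve for Deployments (the README requires 1.19+), while `validations.sh` only calls `kubectl api-resources`. That rule looks unused and could be dropped so the hook's permissions match what the script does.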
@@ -1,112 +1,112 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -rules: -- apiGroups: - - zookeeper.pravega.io - resources: - - "*" - verbs: - - get - - list ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -subjects: - - kind: ServiceAccount - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - apiGroup: rbac.authorization.k8s.io - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "zookeeper-operator.fullname" . 
}}-pre-delete - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -data: - pre-delete.sh: | - #!/bin/sh - exit_code=0 - echo "Checking for ZookeeperCluster Resource" - - ret=$(kubectl get zookeepercluster --all-namespaces --no-headers 2>&1) - if (echo $ret | grep -e "No resources found" -e "the server doesn't have a resource type \"zookeepercluster\"" > /dev/null); - then - echo "None" - else - echo "$ret" - exit_code=1 - fi - - if [ $exit_code -ne 0 ]; - then - echo "Pre-delete Check Failed" - exit $exit_code - fi - echo "Pre-delete Check OK" ---- - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -spec: - backoffLimit: 6 - template: - metadata: - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - spec: - serviceAccountName: {{ template "zookeeper-operator.fullname" . }}-pre-delete - restartPolicy: Never - containers: - - name: pre-delete-job - image: "lachlanevenson/k8s-kubectl:v1.23.2" - command: - - /scripts/pre-delete.sh - volumeMounts: - - name: sh - mountPath: /scripts - readOnly: true - volumes: - - name: sh - configMap: - name: {{ template "zookeeper-operator.fullname" . }}-pre-delete - defaultMode: 0555 +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "zookeeper-operator.fullname" . 
}}-pre-delete + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +rules: +- apiGroups: + - zookeeper.pravega.io + resources: + - "*" + verbs: + - get + - list +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "zookeeper-operator.fullname" . }}-pre-delete + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +subjects: + - kind: ServiceAccount + name: {{ template "zookeeper-operator.fullname" . }}-pre-delete + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "zookeeper-operator.fullname" . }}-pre-delete + apiGroup: rbac.authorization.k8s.io + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "zookeeper-operator.fullname" . }}-pre-delete + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "zookeeper-operator.fullname" . 
}}-pre-delete + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +data: + pre-delete.sh: | + #!/bin/sh + exit_code=0 + echo "Checking for ZookeeperCluster Resource" + + ret=$(kubectl get zookeepercluster --all-namespaces --no-headers 2>&1) + if (echo $ret | grep -e "No resources found" -e "the server doesn't have a resource type \"zookeepercluster\"" > /dev/null); + then + echo "None" + else + echo "$ret" + exit_code=1 + fi + + if [ $exit_code -ne 0 ]; + then + echo "Pre-delete Check Failed" + exit $exit_code + fi + echo "Pre-delete Check OK" +--- + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "zookeeper-operator.fullname" . }}-pre-delete + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed +spec: + backoffLimit: 6 + template: + metadata: + name: {{ template "zookeeper-operator.fullname" . }}-pre-delete + spec: + serviceAccountName: {{ template "zookeeper-operator.fullname" . }}-pre-delete + restartPolicy: Never + containers: + - name: pre-delete-job + image: "lachlanevenson/k8s-kubectl:v1.23.2" + command: + - /scripts/pre-delete.sh + volumeMounts: + - name: sh + mountPath: /scripts + readOnly: true + volumes: + - name: sh + configMap: + name: {{ template "zookeeper-operator.fullname" . }}-pre-delete + defaultMode: 0555 diff --git a/charts/zookeeper-operator/templates/role.yaml b/charts/zookeeper-operator/templates/role.yaml index c18682c3..79a5905a 100644 --- a/charts/zookeeper-operator/templates/role.yaml +++ b/charts/zookeeper-operator/templates/role.yaml 
@@ -1,41 +1,41 @@
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "zookeeper-operator.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
-rules:
-- apiGroups:
- - zookeeper.pravega.io
- resources:
- - "*"
- verbs:
- - "*"
-- apiGroups:
- - ""
- resources:
- - pods
- - services
- - endpoints
- - persistentvolumeclaims
- - events
- - configmaps
- - secrets
- verbs:
- - "*"
-- apiGroups:
- - apps
- resources:
- - deployments
- - daemonsets
- - replicasets
- - statefulsets
- verbs:
- - "*"
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - "*"
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "zookeeper-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
+rules:
+- apiGroups:
+ - zookeeper.pravega.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ verbs:
+ - "*"
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - "*"
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - "*"
diff --git a/charts/zookeeper-operator/templates/rolebinding.yaml b/charts/zookeeper-operator/templates/rolebinding.yaml
index 970da4c7..1ca67b9e 100644
--- a/charts/zookeeper-operator/templates/rolebinding.yaml
+++ b/charts/zookeeper-operator/templates/rolebinding.yaml
@@ -1,14 +1,14 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "zookeeper-operator.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
-subjects:
-- kind: ServiceAccount
- name: zookeeper-operator
-roleRef:
- kind: Role
- name: {{ template "zookeeper-operator.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "zookeeper-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: zookeeper-operator
+roleRef:
+ kind: Role
+ name: {{ template "zookeeper-operator.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/zookeeper-operator/templates/serviceaccount.yaml b/charts/zookeeper-operator/templates/serviceaccount.yaml
index 14fc3314..a3cbf2ea 100644
--- a/charts/zookeeper-operator/templates/serviceaccount.yaml
+++ b/charts/zookeeper-operator/templates/serviceaccount.yaml
@@ -1,7 +1,7 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: zookeeper-operator
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: zookeeper-operator
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "zookeeper-operator.commonLabels" . | indent 4 }}
diff --git a/charts/zookeeper-operator/templates/zookeeperclusters-crd.yaml b/charts/zookeeper-operator/templates/zookeeperclusters-crd.yaml
index c6597475..4fb92676 100644
--- a/charts/zookeeper-operator/templates/zookeeperclusters-crd.yaml
+++ b/charts/zookeeper-operator/templates/zookeeperclusters-crd.yaml
@@ -1,5992 +1,5992 @@ -{{- if .Values.crd.create }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - name: zookeeperclusters.zookeeper.pravega.io -spec: - group: zookeeper.pravega.io - names: - kind: ZookeeperCluster - listKind: ZookeeperClusterList - plural: zookeeperclusters - shortNames: - - zk - singular: zookeepercluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The number of ZooKeeper servers in the ensemble - jsonPath: .spec.replicas - name: Replicas - type: integer - - description: The number of ZooKeeper servers in the ensemble that are in a Ready - state - jsonPath: .status.readyReplicas - name: Ready Replicas - type: integer - - description: The current Zookeeper version - jsonPath: .status.currentVersion - name: Version - type: string - - description: The desired Zookeeper version - jsonPath: .spec.image.tag - name: Desired Version - type: string - - description: Client endpoint internal to cluster network - jsonPath: .status.internalClientEndpoint - name: Internal Endpoint - type: string - - description: Client endpoint external to cluster network via LoadBalancer - jsonPath: .status.externalClientEndpoint - name: External Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ZookeeperCluster is the Schema for the zookeeperclusters API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ZookeeperClusterSpec defines the desired state of ZookeeperCluster - properties: - adminServerService: - description: AdminServerService defines the policy to create AdminServer - Service for the zookeeper cluster. - properties: - annotations: - additionalProperties: - type: string - description: Annotations specifies the annotations to attach to - AdminServer service the operator creates. - type: object - external: - type: boolean - type: object - clientService: - description: ClientService defines the policy to create client Service - for the zookeeper cluster. - properties: - annotations: - additionalProperties: - type: string - description: Annotations specifies the annotations to attach to - client service the operator creates. - type: object - type: object - config: - description: Conf is the zookeeper configuration, which will be used - to generate the static zookeeper configuration. If no configuration - is provided required default values will be provided, and optional - values will be excluded. 
- properties: - additionalConfig: - additionalProperties: - type: string - description: key-value map of additional zookeeper configuration - parameters - type: object - x-kubernetes-preserve-unknown-fields: true - autoPurgePurgeInterval: - description: "The time interval in hours for which the purge task - has to be triggered \n Disabled by default" - type: integer - autoPurgeSnapRetainCount: - description: "Retain the snapshots according to retain count \n - The default value is 3" - type: integer - commitLogCount: - description: "Zookeeper maintains an in-memory list of last committed - requests for fast synchronization with followers \n The default - value is 500" - type: integer - globalOutstandingLimit: - description: "Clients can submit requests faster than ZooKeeper - can process them, especially if there are a lot of clients. - Zookeeper will throttle Clients so that requests won't exceed - global outstanding limit. \n The default value is 1000" - type: integer - initLimit: - description: "InitLimit is the amount of time, in ticks, to allow - followers to connect and sync to a leader. \n Default value - is 10." - type: integer - maxClientCnxns: - description: "Limits the number of concurrent connections that - a single client, identified by IP address, may make to a single - member of the ZooKeeper ensemble. \n The default value is 60" - type: integer - maxCnxns: - description: "Limits the total number of concurrent connections - that can be made to a zookeeper server \n The defult value is - 0, indicating no limit" - type: integer - maxSessionTimeout: - description: "The maximum session timeout in milliseconds that - the server will allow the client to negotiate. 
\n The default - value is 40000" - type: integer - minSessionTimeout: - description: "The minimum session timeout in milliseconds that - the server will allow the client to negotiate \n The default - value is 4000" - type: integer - preAllocSize: - description: "To avoid seeks ZooKeeper allocates space in the - transaction log file in blocks of preAllocSize kilobytes \n - The default value is 64M" - type: integer - quorumListenOnAllIPs: - description: "QuorumListenOnAllIPs when set to true the ZooKeeper - server will listen for connections from its peers on all available - IP addresses, and not only the address configured in the server - list of the configuration file. It affects the connections handling - the ZAB protocol and the Fast Leader Election protocol. \n The - default value is false." - type: boolean - snapCount: - description: "ZooKeeper records its transactions using snapshots - and a transaction log The number of transactions recorded in - the transaction log before a snapshot can be taken is determined - by snapCount \n The default value is 100,000" - type: integer - snapSizeLimitInKb: - description: "Snapshot size limit in Kb \n The defult value is - 4GB" - type: integer - syncLimit: - description: "SyncLimit is the amount of time, in ticks, to allow - followers to sync with Zookeeper. \n The default value is 2." - type: integer - tickTime: - description: "TickTime is the length of a single tick, which is - the basic time unit used by Zookeeper, as measured in milliseconds - \n The default value is 2000." - type: integer - type: object - containers: - description: Containers defines to support multi containers - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. 
If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. 
"$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
- items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. 
- The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). 
This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. 
- Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. 
You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. 
- properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. 
- type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. 
Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. 
- type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." 
- type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. 
If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. 
- type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. 
- type: string - required: - - name - type: object - type: array - domainName: - description: External host name appended for dns annotation - type: string - ephemeral: - description: Ephemeral is the configuration which helps create ephemeral - storage At anypoint only one of Persistence or Ephemeral should - be present in the manifest - properties: - emptydirvolumesource: - description: EmptyDirVolumeSource is optional and this will create - the emptydir volume It has two parameters Medium and SizeLimit - which are optional as well Medium specifies What type of storage - medium should back this directory. SizeLimit specifies Total - amount of local storage required for this EmptyDir volume. - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - headlessService: - description: HeadlessService defines the policy to create headless - Service for the zookeeper cluster. 
- properties: - annotations: - additionalProperties: - type: string - description: Annotations specifies the annotations to attach to - headless service the operator creates. - type: object - type: object - image: - description: Image is the container image. default is zookeeper:0.2.10 - properties: - pullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - enum: - - Always - - Never - - IfNotPresent - type: string - repository: - type: string - tag: - type: string - type: object - initContainers: - description: Init containers to support initialization - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
- Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' 
- type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
- items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). 
Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. 
- There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. 
- format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. 
Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. 
Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. 
- The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). 
This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. 
More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. 
Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. 
- type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. 
Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. 
- items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. 
spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. 
FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). 
- type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - kubernetesClusterDomain: - description: Domain of the kubernetes cluster, defaults to cluster.local - type: string - labels: - additionalProperties: - type: string - description: Labels specifies the labels to attach to all resources - the operator creates for the zookeeper cluster, including StatefulSet, - Pod, PersistentVolumeClaim, Service, ConfigMap, et al. - type: object - maxUnavailableReplicas: - description: MaxUnavailableReplicas defines the MaxUnavailable Replicas - in pdb. Default is 1. - format: int32 - type: integer - persistence: - description: Persistence is the configuration for zookeeper persistent - layer. PersistentVolumeClaimSpec and VolumeReclaimPolicy can be - specified in here. - properties: - annotations: - additionalProperties: - type: string - description: Annotations specifies the annotations to attach to - pvc the operator creates. - type: object - reclaimPolicy: - description: VolumeReclaimPolicy is a zookeeper operator configuration. - If it's set to Delete, the corresponding PVCs will be deleted - by the operator when zookeeper cluster is deleted. The default - value is Retain. - enum: - - Delete - - Retain - type: string - spec: - description: PersistentVolumeClaimSpec is the spec to describe - PVC for the container This field is optional. 
If no PVC is specified - default persistentvolume will get created. - properties: - accessModes: - description: 'accessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified data - source, it will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always have the - same contents as the DataSourceRef field.' - properties: - apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: 'dataSourceRef specifies the object from which - to populate the volume with data, if a non-empty volume - is desired. This may be any local object from a non-empty - API group (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed - if the type of the specified object matches some installed - volume populator or dynamic provisioner. This field will - replace the functionality of the DataSource field and as - such if both fields are non-empty, they must have the same - value. 
For backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value automatically - if one of them is empty and the other is non-empty. There - are two important differences between DataSource and DataSourceRef: - * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values (dropping - them), DataSourceRef preserves all values, and generates - an error if a disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource feature gate - to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources the - volume should have. If RecoverVolumeExpansionFailure feature - is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher - than capacity recorded in the status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. 
- A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to the PersistentVolume - backing this claim. - type: string - type: object - type: object - pod: - description: Pod defines the policy to create pod for the zookeeper - cluster. Updating the Pod does not take effect on any existing pods. - properties: - affinity: - description: The scheduling constraints on pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). 
- A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". 
The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. 
null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. 
- items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. 
- type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. 
The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: Annotations specifies the annotations to attach to - pods the operator creates. - type: object - env: - description: List of environment variables to set in the container. - This field cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images - items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: array - labels: - additionalProperties: - type: string - description: Labels specifies the labels to attach to pods the - operator creates for the zookeeper cluster. Overrides any values - specified in Spec.Labels. - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector specifies a map of key-value pairs. - For the pod to be eligible to run on a node, the node must have - each of the indicated key-value pairs as labels. - type: object - resources: - description: Resources is the resource requirements for the container. - This field cannot be updated once the cluster is created. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'SecurityContext specifies the security context for - the entire pod More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context' - properties: - fsGroup: - description: "A special supplemental group that applies to - all containers in a pod. Some volume types allow the Kubelet - to change the ownership of that volume to be owned by the - pod: \n 1. The owning GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume will be owned - by FSGroup) 3. The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify the ownership and - permissions of any volume. Note that this field cannot be - set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that - this field cannot be set when spec.os.name is windows.' 
- type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is - windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. 
- type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must - be preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a - profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile - should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process - run in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - Note that this field cannot be set when spec.os.name is - windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. Note that this field cannot - be set when spec.os.name is windows. 
- items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options within a container's - SecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. 
- type: string - type: object - type: object - serviceAccountName: - description: Service Account to be used in pods - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds is the amount of time - that kubernetes will give for a pod instance to shutdown normally. - The default value is 30. - format: int64 - minimum: 0 - type: integer - tolerations: - description: Tolerations specifies the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. 
- type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints to apply to the pods - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: 'MaxSkew describes the degree to which pods - may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global - minimum. The global minimum is the minimum number of matching - pods in an eligible domain or zero if the number of eligible - domains is less than MinDomains. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to - zone3 to become 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) violate - MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that - satisfy it. It''s a required field. Default value is 1 - and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation - of Skew is performed. And when the number of eligible - domains with matching topology keys equals or greater - than minDomains, this value has no effect on scheduling. - As a result, when the number of eligible domains is less - than minDomains, scheduler won't schedule more than maxSkew - Pods to those domains. If value is nil, the constraint - behaves as if MinDomains is equal to 1. Valid values are - integers greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. 
\n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set to 5 and pods with - the same labelSelector spread as 2/2/2: | zone1 | zone2 - | zone3 | | P P | P P | P P | The number of domains - is less than 5(MinDomains), so \"global minimum\" is treated - as 0. In this situation, new pod with the same labelSelector - cannot be scheduled, because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. \n This is an alpha field and - requires enabling MinDomainsInPodTopologySpread feature - gate." - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. We define a domain as a particular - instance of a topology. Also, we define an eligible domain - as a domain whose nodes match the node selector. e.g. - If TopologyKey is "kubernetes.io/hostname", each Node - is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. It's a required - field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule - it. - ScheduleAnyway tells the scheduler to schedule the - pod in any location, but giving higher precedence to topologies - that would help reduce the skew. A constraint is considered - "Unsatisfiable" for an incoming pod if and only if every - possible node assignment for that pod would violate "MaxSkew" - on some topology. 
For example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same labelSelector spread - as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still be imbalanced, but - scheduler won''t make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - ports: - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and - unique within the pod. Each named port in a pod must have - a unique name. Name for the port that can be referred to by - services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - required: - - containerPort - type: object - type: array - probes: - description: Probes specifies the timeout values for the Readiness - and Liveness Probes for the zookeeper pods. 
- properties: - livenessProbe: - properties: - failureThreshold: - format: int32 - minimum: 0 - type: integer - initialDelaySeconds: - format: int32 - minimum: 0 - type: integer - periodSeconds: - format: int32 - minimum: 0 - type: integer - successThreshold: - format: int32 - minimum: 0 - type: integer - timeoutSeconds: - format: int32 - minimum: 0 - type: integer - type: object - readinessProbe: - properties: - failureThreshold: - format: int32 - minimum: 0 - type: integer - initialDelaySeconds: - format: int32 - minimum: 0 - type: integer - periodSeconds: - format: int32 - minimum: 0 - type: integer - successThreshold: - format: int32 - minimum: 0 - type: integer - timeoutSeconds: - format: int32 - minimum: 0 - type: integer - type: object - type: object - replicas: - description: "Replicas is the expected size of the zookeeper cluster. - The pravega-operator will eventually make the size of the running - cluster equal to the expected size. \n The valid range of size is - from 1 to 7." - format: int32 - minimum: 1 - type: integer - storageType: - description: StorageType is used to tell which type of storage we - will be using It can take either Ephemeral or persistence Default - StorageType is Persistence storage - type: string - triggerRollingRestart: - description: TriggerRollingRestart if set to true will instruct operator - to restart all the pods in the zookeeper cluster, after which this - value will be set to false - type: boolean - volumeMounts: - description: VolumeMounts defines to support customized volumeMounts - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. 
This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes defines to support customized volumes - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". 
Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' 
- format: int32 - type: integer - items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). 
- properties: - driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. 
Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. 
The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. 
\n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." - properties: - metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. 
This may be any - local object from a non-empty API group (non core - object) or a PersistentVolumeClaim object. When - this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. - This field will replace the functionality of the - DataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef - preserves all values, and generates an error if - a disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource feature - gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. 
This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' 
- type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. 
This depends on the Flocker control - service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. 
- This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. 
- type: string - iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). 
ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. 
YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. 
This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. 
- type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. 
The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default is no - group - type: string - readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: user to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". 
Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. 
YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - status: - description: ZookeeperClusterStatus defines the observed state of ZookeeperCluster - properties: - conditions: - description: Conditions list all the applied conditions - items: - description: ClusterCondition shows the current condition of a Zookeeper - cluster. Comply with k8s API conventions - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - lastUpdateTime: - description: The last time this condition was updated. - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of Zookeeper cluster condition. 
- type: string - type: object - type: array - currentVersion: - description: CurrentVersion is the current cluster version - type: string - externalClientEndpoint: - description: ExternalClientEndpoint is the internal client IP and - port - type: string - internalClientEndpoint: - description: InternalClientEndpoint is the internal client IP and - port - type: string - members: - description: Members is the zookeeper members in the cluster - properties: - ready: - items: - type: string - nullable: true - type: array - unready: - items: - type: string - nullable: true - type: array - type: object - metaRootCreated: - type: boolean - readyReplicas: - description: ReadyReplicas is the number of number of ready replicas - in the cluster - format: int32 - type: integer - replicas: - description: Replicas is the number of number of desired replicas - in the cluster - format: int32 - type: integer - targetVersion: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: zookeeperclusters.zookeeper.pravega.io +spec: + group: zookeeper.pravega.io + names: + kind: ZookeeperCluster + listKind: ZookeeperClusterList + plural: zookeeperclusters + shortNames: + - zk + singular: zookeepercluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The number of ZooKeeper servers in the ensemble + jsonPath: .spec.replicas + name: Replicas + type: integer + - description: The number of ZooKeeper servers in the ensemble that are in a Ready + state + jsonPath: .status.readyReplicas + name: Ready Replicas + type: integer + - description: The current Zookeeper version + jsonPath: .status.currentVersion + name: Version + type: string + - description: The desired Zookeeper version + jsonPath: 
.spec.image.tag + name: Desired Version + type: string + - description: Client endpoint internal to cluster network + jsonPath: .status.internalClientEndpoint + name: Internal Endpoint + type: string + - description: Client endpoint external to cluster network via LoadBalancer + jsonPath: .status.externalClientEndpoint + name: External Endpoint + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ZookeeperCluster is the Schema for the zookeeperclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperClusterSpec defines the desired state of ZookeeperCluster + properties: + adminServerService: + description: AdminServerService defines the policy to create AdminServer + Service for the zookeeper cluster. + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + AdminServer service the operator creates. + type: object + external: + type: boolean + type: object + clientService: + description: ClientService defines the policy to create client Service + for the zookeeper cluster. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + client service the operator creates. + type: object + type: object + config: + description: Conf is the zookeeper configuration, which will be used + to generate the static zookeeper configuration. If no configuration + is provided required default values will be provided, and optional + values will be excluded. + properties: + additionalConfig: + additionalProperties: + type: string + description: key-value map of additional zookeeper configuration + parameters + type: object + x-kubernetes-preserve-unknown-fields: true + autoPurgePurgeInterval: + description: "The time interval in hours for which the purge task + has to be triggered \n Disabled by default" + type: integer + autoPurgeSnapRetainCount: + description: "Retain the snapshots according to retain count \n + The default value is 3" + type: integer + commitLogCount: + description: "Zookeeper maintains an in-memory list of last committed + requests for fast synchronization with followers \n The default + value is 500" + type: integer + globalOutstandingLimit: + description: "Clients can submit requests faster than ZooKeeper + can process them, especially if there are a lot of clients. + Zookeeper will throttle Clients so that requests won't exceed + global outstanding limit. \n The default value is 1000" + type: integer + initLimit: + description: "InitLimit is the amount of time, in ticks, to allow + followers to connect and sync to a leader. \n Default value + is 10." + type: integer + maxClientCnxns: + description: "Limits the number of concurrent connections that + a single client, identified by IP address, may make to a single + member of the ZooKeeper ensemble. 
\n The default value is 60" + type: integer + maxCnxns: + description: "Limits the total number of concurrent connections + that can be made to a zookeeper server \n The defult value is + 0, indicating no limit" + type: integer + maxSessionTimeout: + description: "The maximum session timeout in milliseconds that + the server will allow the client to negotiate. \n The default + value is 40000" + type: integer + minSessionTimeout: + description: "The minimum session timeout in milliseconds that + the server will allow the client to negotiate \n The default + value is 4000" + type: integer + preAllocSize: + description: "To avoid seeks ZooKeeper allocates space in the + transaction log file in blocks of preAllocSize kilobytes \n + The default value is 64M" + type: integer + quorumListenOnAllIPs: + description: "QuorumListenOnAllIPs when set to true the ZooKeeper + server will listen for connections from its peers on all available + IP addresses, and not only the address configured in the server + list of the configuration file. It affects the connections handling + the ZAB protocol and the Fast Leader Election protocol. \n The + default value is false." + type: boolean + snapCount: + description: "ZooKeeper records its transactions using snapshots + and a transaction log The number of transactions recorded in + the transaction log before a snapshot can be taken is determined + by snapCount \n The default value is 100,000" + type: integer + snapSizeLimitInKb: + description: "Snapshot size limit in Kb \n The defult value is + 4GB" + type: integer + syncLimit: + description: "SyncLimit is the amount of time, in ticks, to allow + followers to sync with Zookeeper. \n The default value is 2." + type: integer + tickTime: + description: "TickTime is the length of a single tick, which is + the basic time unit used by Zookeeper, as measured in milliseconds + \n The default value is 2000." 
+ type: integer + type: object + containers: + description: Containers defines to support multi containers + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
+ The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). 
This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. 
+ Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. 
You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. 
Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. 
If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + domainName: + description: External host name appended for dns annotation + type: string + ephemeral: + description: Ephemeral is the configuration which helps create ephemeral + storage At anypoint only one of Persistence or Ephemeral should + be present in the manifest + properties: + emptydirvolumesource: + description: EmptyDirVolumeSource is optional and this will create + the emptydir volume It has two parameters Medium and SizeLimit + which are optional as well Medium specifies What type of storage + medium should back this directory. SizeLimit specifies Total + amount of local storage required for this EmptyDir volume. + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + headlessService: + description: HeadlessService defines the policy to create headless + Service for the zookeeper cluster. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + headless service the operator creates. + type: object + type: object + image: + description: Image is the container image. default is zookeeper:0.2.10 + properties: + pullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + enum: + - Always + - Never + - IfNotPresent + type: string + repository: + type: string + tag: + type: string + type: object + initContainers: + description: Init containers to support initialization + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). 
Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. 
+ There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. 
Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. 
Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
+ The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). 
This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. 
More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. 
Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. 
+ type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. 
Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. 
FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + kubernetesClusterDomain: + description: Domain of the kubernetes cluster, defaults to cluster.local + type: string + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to all resources + the operator creates for the zookeeper cluster, including StatefulSet, + Pod, PersistentVolumeClaim, Service, ConfigMap, et al. + type: object + maxUnavailableReplicas: + description: MaxUnavailableReplicas defines the MaxUnavailable Replicas + in pdb. Default is 1. + format: int32 + type: integer + persistence: + description: Persistence is the configuration for zookeeper persistent + layer. PersistentVolumeClaimSpec and VolumeReclaimPolicy can be + specified in here. + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pvc the operator creates. + type: object + reclaimPolicy: + description: VolumeReclaimPolicy is a zookeeper operator configuration. + If it's set to Delete, the corresponding PVCs will be deleted + by the operator when zookeeper cluster is deleted. The default + value is Retain. + enum: + - Delete + - Retain + type: string + spec: + description: PersistentVolumeClaimSpec is the spec to describe + PVC for the container This field is optional. 
If no PVC is specified + default persistentvolume will get created. + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data + source, it will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always have the + same contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object from which + to populate the volume with data, if a non-empty volume + is desired. This may be any local object from a non-empty + API group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed + if the type of the specified object matches some installed + volume populator or dynamic provisioner. This field will + replace the functionality of the DataSource field and as + such if both fields are non-empty, they must have the same + value. 
For backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value automatically + if one of them is empty and the other is non-empty. There + are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, + DataSourceRef allows any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values (dropping + them), DataSourceRef preserves all values, and generates + an error if a disallowed value is specified. (Beta) Using + this field requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources the + volume should have. If RecoverVolumeExpansionFailure feature + is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher + than capacity recorded in the status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + type: object + pod: + description: Pod defines the policy to create pod for the zookeeper + cluster. Updating the Pod does not take effect on any existing pods. + properties: + affinity: + description: The scheduling constraints on pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). 
+ A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. 
null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates. + type: object + env: + description: List of environment variables to set in the container. + This field cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pods the + operator creates for the zookeeper cluster. Overrides any values + specified in Spec.Labels. + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector specifies a map of key-value pairs. + For the pod to be eligible to run on a node, the node must have + each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources is the resource requirements for the container. + This field cannot be updated once the cluster is created. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext specifies the security context for + the entire pod More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context' + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + description: Service Account to be used in pods + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds is the amount of time + that kubernetes will give for a pod instance to shutdown normally. + The default value is 30. + format: int64 + minimum: 0 + type: integer + tolerations: + description: Tolerations specifies the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints to apply to the pods + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of matching + pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - + if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater + than minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains is less + than minDomains, scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 | zone2 + | zone3 | | P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will be 3(3 + - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is an alpha field and + requires enabling MinDomainsInPodTopologySpread feature + gate." + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes match the node selector. e.g. + If TopologyKey is "kubernetes.io/hostname", each Node + is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. 
For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + ports: + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and + unique within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred to by + services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults + to "TCP". + type: string + required: + - containerPort + type: object + type: array + probes: + description: Probes specifies the timeout values for the Readiness + and Liveness Probes for the zookeeper pods. 
+ properties: + livenessProbe: + properties: + failureThreshold: + format: int32 + minimum: 0 + type: integer + initialDelaySeconds: + format: int32 + minimum: 0 + type: integer + periodSeconds: + format: int32 + minimum: 0 + type: integer + successThreshold: + format: int32 + minimum: 0 + type: integer + timeoutSeconds: + format: int32 + minimum: 0 + type: integer + type: object + readinessProbe: + properties: + failureThreshold: + format: int32 + minimum: 0 + type: integer + initialDelaySeconds: + format: int32 + minimum: 0 + type: integer + periodSeconds: + format: int32 + minimum: 0 + type: integer + successThreshold: + format: int32 + minimum: 0 + type: integer + timeoutSeconds: + format: int32 + minimum: 0 + type: integer + type: object + type: object + replicas: + description: "Replicas is the expected size of the zookeeper cluster. + The pravega-operator will eventually make the size of the running + cluster equal to the expected size. \n The valid range of size is + from 1 to 7." + format: int32 + minimum: 1 + type: integer + storageType: + description: StorageType is used to tell which type of storage we + will be using It can take either Ephemeral or persistence Default + StorageType is Persistence storage + type: string + triggerRollingRestart: + description: TriggerRollingRestart if set to true will instruct operator + to restart all the pods in the zookeeper cluster, after which this + value will be set to false + type: boolean + volumeMounts: + description: VolumeMounts defines to support customized volumeMounts + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. 
This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes defines to support customized volumes + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". 
Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). 
+ properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. 
Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. 
The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. 
\n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. If the AnyVolumeDataSource feature + gate is enabled, this field will always have the + same contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. 
This may be any + local object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will only + succeed if the type of the specified object matches + some installed volume populator or dynamic provisioner. + This field will replace the functionality of the + DataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. There are two important differences + between DataSource and DataSourceRef: * While + DataSource only allows two specific types of objects, + DataSourceRef allows any non-core object, as well + as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef + preserves all values, and generates an error if + a disallowed value is specified. (Beta) Using + this field requires the AnyVolumeDataSource feature + gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. 
This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. 
This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. 
+ This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. 
+ type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). 
ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. 
YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. 
The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. 
YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: ZookeeperClusterStatus defines the observed state of ZookeeperCluster + properties: + conditions: + description: Conditions list all the applied conditions + items: + description: ClusterCondition shows the current condition of a Zookeeper + cluster. Comply with k8s API conventions + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + lastUpdateTime: + description: The last time this condition was updated. + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of Zookeeper cluster condition. 
+ type: string + type: object + type: array + currentVersion: + description: CurrentVersion is the current cluster version + type: string + externalClientEndpoint: + description: ExternalClientEndpoint is the internal client IP and + port + type: string + internalClientEndpoint: + description: InternalClientEndpoint is the internal client IP and + port + type: string + members: + description: Members is the zookeeper members in the cluster + properties: + ready: + items: + type: string + nullable: true + type: array + unready: + items: + type: string + nullable: true + type: array + type: object + metaRootCreated: + type: boolean + readyReplicas: + description: ReadyReplicas is the number of number of ready replicas + in the cluster + format: int32 + type: integer + replicas: + description: Replicas is the number of number of desired replicas + in the cluster + format: int32 + type: integer + targetVersion: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }}
diff --git a/charts/zookeeper-operator/values.yaml b/charts/zookeeper-operator/values.yaml
index 8b31dcfb..fe1e5be7 100644
--- a/charts/zookeeper-operator/values.yaml
+++ b/charts/zookeeper-operator/values.yaml
@@ -1,10 +1,10 @@
-crd:
- create: true
-
-resources:
- requests:
- cpu: "100m"
- memory: "128Mi"
- limits:
- cpu: "200m"
- memory: "256Mi"
+crd:
+ create: true
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "128Mi"
+ limits:
+ cpu: "200m"
+ memory: "256Mi"
diff --git a/charts/zookeeper/Chart.yaml b/charts/zookeeper/Chart.yaml
index 7f2442ec..672adf63 100644
--- a/charts/zookeeper/Chart.yaml
+++ b/charts/zookeeper/Chart.yaml
@@ -1,9 +1,9 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for Deploying Zookeeper on Kubernetes
-name: zookeeper
-version: 0.0.1
-icon: "https://zop.dev/logo.png"
-maintainers:
- - name: ZopDev
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Deploying Zookeeper on Kubernetes
+name: zookeeper
+version: 0.0.1
+icon: "https://zop.dev/logo.png"
+maintainers:
+ - name: ZopDev
 url: zop.dev
\ No newline at end of file
diff --git a/charts/zookeeper/README.md b/charts/zookeeper/README.md
index 1ca5c5c3..b304be23 100644
--- a/charts/zookeeper/README.md
+++ b/charts/zookeeper/README.md
@@ -1,212 +1,212 @@
-# Zookeeper Helm Chart
-
-This Helm chart deploys Apache Zookeeper, a distributed coordination service for distributed applications, on Kubernetes. Zookeeper provides a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
-
----
-
-## Prerequisites
-
-- Kubernetes 1.19+
-- Helm 3.0+
-- kubectl configured to communicate with your cluster
-- Persistent volume provisioner for storage
-
----
-
-## Add Helm Repository
-
-Add the Helm repository by running:
-
-```bash
-helm repo add zopdev https://helm.zop.dev
-helm repo update
-```
-
-For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/).
-
----
-
-## Install Helm Chart
-
-To deploy the Zookeeper Helm chart, use the following command:
-
-```bash
-helm install [RELEASE_NAME] zopdev/zookeeper
-```
-
-Replace `[RELEASE_NAME]` with your desired release name. Example:
-
-```bash
-helm install my-zookeeper zopdev/zookeeper
-```
-
-You can override default values during installation by providing a `values.yaml` file.
-
-Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details.
-
----
-
-## Uninstall Helm Chart
-
-To remove the Zookeeper Helm chart and associated resources, run:
-
-```bash
-helm uninstall [RELEASE_NAME]
-```
-
-Example:
-
-```bash
-helm uninstall my-zookeeper
-```
-
-Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information.
-
----
-
-## Configuration
-
-The Zookeeper Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations:
-
-### Image Configuration
-
-| **Input** | **Type** | **Description** | **Default** |
-|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
-| `image.registry` | `string` | Container registry for Zookeeper image. | `"docker.io"` |
-| `image.repository` | `string` | Container image repository. | `"confluentinc/cp-zookeeper"` |
-| `image.tag` | `string` | Container image tag. | `"7.8.0"` |
-| `image.pullPolicy` | `string` | Container image pull policy. | `""` |
-| `imagePullSecrets` | `array` | Image pull secrets. | `[]` |
-
-### Deployment Configuration
-
-| **Input** | **Type** | **Description** | **Default** |
-|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
-| `replicaCount` | `integer` | Number of Zookeeper replicas. | `3` |
-| `minAvailable` | `integer` | Minimum available replicas. | `1` |
-| `diskSize` | `string` | Size of persistent volume. | `"1Gi"` |
-
-### Resource Configuration
-
-| **Input** | **Type** | **Description** | **Default** |
-|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
-| `resources.requests.cpu` | `string` | CPU resource requests. | `"100m"` |
-| `resources.requests.memory` | `string` | Memory resource requests. | `"500Mi"` |
-| `resources.limits.cpu` | `string` | CPU resource limits. | `"500m"` |
-| `resources.limits.memory` | `string` | Memory resource limits. | `"1000Mi"` |
-
-### Zookeeper Configuration
-
-| **Input** | **Type** | **Description** | **Default** |
-|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
-| `tickTime` | `integer` | Basic time unit in milliseconds. | `2000` |
-| `initLimit` | `integer` | Time to sync followers with leader. | `10` |
-| `syncLimit` | `integer` | Time to sync followers with leader. | `5` |
-| `maxClientCnxns` | `integer` | Maximum number of client connections. | `60` |
-| `quorumListenOnAllIPs` | `boolean` | Whether to listen on all IPs. | `true` |
-| `maxSessionTimeout` | `integer` | Maximum session timeout in milliseconds. | `40000` |
-| `adminEnableServer` | `boolean` | Whether to enable admin server. | `true` |
-| `heapOpts` | `string` | JVM heap options. | `"-XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0"` |
-| `log4jRootLogLevel` | `string` | Log4j root log level. | `"INFO"` |
-
-### Port Configuration
-
-| **Input** | **Type** | **Description** | **Default** |
-|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
-| `port.peers` | `integer` | Port for peer communication. | `2888` |
-| `port.leader` | `integer` | Port for leader election. | `3888` |
-| `port.admin` | `integer` | Port for admin server. | `8080` |
-| `port.client` | `integer` | Port for client connections. | `2181` |
-
-### Probe Configuration
-
-| **Input** | **Type** | **Description** | **Default** |
-|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
-| `livenessProbe.enabled` | `boolean` | Whether to enable liveness probe. | `true` |
-| `readinessProbe.enabled` | `boolean` | Whether to enable readiness probe. | `true` |
-
----
-
-## Example `values.yaml`
-
-```yaml
-image:
- registry: docker.io
- repository: confluentinc/cp-zookeeper
- tag: "7.8.0"
- pullPolicy:
-imagePullSecrets: []
-
-replicaCount: 3
-minAvailable: 1
-
-resources:
- requests:
- cpu: "100m"
- memory: "500Mi"
- limits:
- cpu: "500m"
- memory: "1000Mi"
-
-diskSize : 1Gi
-```
-
----
-
-## Features
-
-- Deploys Zookeeper with configurable replicas
-- Automatic leader election
-- Persistent storage for data
-- Configurable resource limits and requests
-- Health monitoring with liveness and readiness probes
-- Security context configuration
-- JVM heap optimization
-- Log level configuration
-- Admin server support
-- Client connection management
-- Snapshot and transaction log management
-
----
-
-## Architecture
-
-The Zookeeper deployment includes:
-- Multiple Zookeeper pods for high availability
-- Persistent volumes for data storage
-- Leader election mechanism
-- Health check endpoints
-- Resource management
-- Security context
-- Network configuration for peer and client communication
-
----
-
-## Security Features
-
-- Pod security context
-- Container security context
-- Privilege escalation prevention
-- Read-only root filesystem
-- Capability restrictions
-- Resource limits
-- Network security
-- Persistent volume security
-
----
-
-## Contributing
-
-We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines.
-
----
-
-## Code of Conduct
-
-To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md).
-
----
-
-## License
-
+# Zookeeper Helm Chart
+
+This Helm chart deploys Apache Zookeeper, a distributed coordination service for distributed applications, on Kubernetes. Zookeeper provides a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
+
+---
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.0+
+- kubectl configured to communicate with your cluster
+- Persistent volume provisioner for storage
+
+---
+
+## Add Helm Repository
+
+Add the Helm repository by running:
+
+```bash
+helm repo add zopdev https://helm.zop.dev
+helm repo update
+```
+
+For more details, see the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/).
+
+---
+
+## Install Helm Chart
+
+To deploy the Zookeeper Helm chart, use the following command:
+
+```bash
+helm install [RELEASE_NAME] zopdev/zookeeper
+```
+
+Replace `[RELEASE_NAME]` with your desired release name. Example:
+
+```bash
+helm install my-zookeeper zopdev/zookeeper
+```
+
+You can override default values during installation by providing a `values.yaml` file.
+
+Refer to the [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for further details.
+
+---
+
+## Uninstall Helm Chart
+
+To remove the Zookeeper Helm chart and associated resources, run:
+
+```bash
+helm uninstall [RELEASE_NAME]
+```
+
+Example:
+
+```bash
+helm uninstall my-zookeeper
+```
+
+Check the [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for more information.
+
+---
+
+## Configuration
+
+The Zookeeper Helm chart includes several configuration options to tailor the deployment to your needs. Below is a summary of the key configurations:
+
+### Image Configuration
+
+| **Input** | **Type** | **Description** | **Default** |
+|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
+| `image.registry` | `string` | Container registry for Zookeeper image. | `"docker.io"` |
+| `image.repository` | `string` | Container image repository. | `"confluentinc/cp-zookeeper"` |
+| `image.tag` | `string` | Container image tag. | `"7.8.0"` |
+| `image.pullPolicy` | `string` | Container image pull policy. | `""` |
+| `imagePullSecrets` | `array` | Image pull secrets. | `[]` |
+
+### Deployment Configuration
+
+| **Input** | **Type** | **Description** | **Default** |
+|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
+| `replicaCount` | `integer` | Number of Zookeeper replicas. | `3` |
+| `minAvailable` | `integer` | Minimum available replicas. | `1` |
+| `diskSize` | `string` | Size of persistent volume. | `"1Gi"` |
+
+### Resource Configuration
+
+| **Input** | **Type** | **Description** | **Default** |
+|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
+| `resources.requests.cpu` | `string` | CPU resource requests. | `"100m"` |
+| `resources.requests.memory` | `string` | Memory resource requests. | `"500Mi"` |
+| `resources.limits.cpu` | `string` | CPU resource limits. | `"500m"` |
+| `resources.limits.memory` | `string` | Memory resource limits. | `"1000Mi"` |
+
+### Zookeeper Configuration
+
+| **Input** | **Type** | **Description** | **Default** |
+|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
+| `tickTime` | `integer` | Basic time unit in milliseconds. | `2000` |
+| `initLimit` | `integer` | Time to sync followers with leader. | `10` |
+| `syncLimit` | `integer` | Time to sync followers with leader. | `5` |
+| `maxClientCnxns` | `integer` | Maximum number of client connections. | `60` |
+| `quorumListenOnAllIPs` | `boolean` | Whether to listen on all IPs. | `true` |
+| `maxSessionTimeout` | `integer` | Maximum session timeout in milliseconds. | `40000` |
+| `adminEnableServer` | `boolean` | Whether to enable admin server. | `true` |
+| `heapOpts` | `string` | JVM heap options. | `"-XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0"` |
+| `log4jRootLogLevel` | `string` | Log4j root log level. | `"INFO"` |
+
+### Port Configuration
+
+| **Input** | **Type** | **Description** | **Default** |
+|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
+| `port.peers` | `integer` | Port for peer communication. | `2888` |
+| `port.leader` | `integer` | Port for leader election. | `3888` |
+| `port.admin` | `integer` | Port for admin server. | `8080` |
+| `port.client` | `integer` | Port for client connections. | `2181` |
+
+### Probe Configuration
+
+| **Input** | **Type** | **Description** | **Default** |
+|------------------------------|-----------|------------------------------------------------------------------------------------------------|-----------------------|
+| `livenessProbe.enabled` | `boolean` | Whether to enable liveness probe. | `true` |
+| `readinessProbe.enabled` | `boolean` | Whether to enable readiness probe. | `true` |
+
+---
+
+## Example `values.yaml`
+
+```yaml
+image:
+ registry: docker.io
+ repository: confluentinc/cp-zookeeper
+ tag: "7.8.0"
+ pullPolicy:
+imagePullSecrets: []
+
+replicaCount: 3
+minAvailable: 1
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "500Mi"
+ limits:
+ cpu: "500m"
+ memory: "1000Mi"
+
+diskSize : 1Gi
+```
+
+---
+
+## Features
+
+- Deploys Zookeeper with configurable replicas
+- Automatic leader election
+- Persistent storage for data
+- Configurable resource limits and requests
+- Health monitoring with liveness and readiness probes
+- Security context configuration
+- JVM heap optimization
+- Log level configuration
+- Admin server support
+- Client connection management
+- Snapshot and transaction log management
+
+---
+
+## Architecture
+
+The Zookeeper deployment includes:
+- Multiple Zookeeper pods for high availability
+- Persistent volumes for data storage
+- Leader election mechanism
+- Health check endpoints
+- Resource management
+- Security context
+- Network configuration for peer and client communication
+
+---
+
+## Security Features
+
+- Pod security context
+- Container security context
+- Privilege escalation prevention
+- Read-only root filesystem
+- Capability restrictions
+- Resource limits
+- Network security
+- Persistent volume security
+
+---
+
+## Contributing
+
+We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines.
+
+---
+
+## Code of Conduct
+
+To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md).
+
+---
+
+## License
+
 This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use.
\ No newline at end of file
diff --git a/charts/zookeeper/templates/_helpers.tpl b/charts/zookeeper/templates/_helpers.tpl
index 361ad8dd..946cca8a 100644
--- a/charts/zookeeper/templates/_helpers.tpl
+++ b/charts/zookeeper/templates/_helpers.tpl 
@@ -1,38 +1,38 @@ -{{- define "zookeeper.name" -}} -{{- default .Chart.Name | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "zookeeper.fullname" -}} -{{- printf "%s-zookeeper" .Release.Name | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "zookeeper.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "zookeeper.labels" -}} -helm.sh/chart: {{ include "zookeeper.chart" . }} -{{ include "zookeeper.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{- define "zookeeper.selectorLabels" -}} -app: {{ .Release.Name }}-{{ include "zookeeper.name" . }} -app.kubernetes.io/name: {{ include "zookeeper.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{- define "zookeeper.serverlist" -}} -{{- $namespace := .Release.Namespace }} -{{- $name := include "zookeeper.fullname" . -}} -{{- $peersPort := .Values.port.peers -}} -{{- $leaderElectionPort := .Values.port.leader -}} -{{- $zk := dict "servers" (list) -}} -{{- range $idx, $v := until (int .Values.replicaCount) }} -{{- $noop := printf "%s-%d.%s-headless.%s.svc.cluster.local:%d:%d" $name $idx $name $namespace (int $peersPort) (int $leaderElectionPort) | append $zk.servers | set $zk "servers" -}} -{{- end }} -{{- printf "%s" (join ";" $zk.servers) | quote -}} +{{- define "zookeeper.name" -}} +{{- default .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "zookeeper.fullname" -}} +{{- printf "%s-zookeeper" .Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "zookeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "zookeeper.labels" -}} +helm.sh/chart: {{ include "zookeeper.chart" . }} +{{ include "zookeeper.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{- define "zookeeper.selectorLabels" -}} +app: {{ .Release.Name }}-{{ include "zookeeper.name" . }} +app.kubernetes.io/name: {{ include "zookeeper.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "zookeeper.serverlist" -}} +{{- $namespace := .Release.Namespace }} +{{- $name := include "zookeeper.fullname" . -}} +{{- $peersPort := .Values.port.peers -}} +{{- $leaderElectionPort := .Values.port.leader -}} +{{- $zk := dict "servers" (list) -}} +{{- range $idx, $v := until (int .Values.replicaCount) }} +{{- $noop := printf "%s-%d.%s-headless.%s.svc.cluster.local:%d:%d" $name $idx $name $namespace (int $peersPort) (int $leaderElectionPort) | append $zk.servers | set $zk "servers" -}} +{{- end }} +{{- printf "%s" (join ";" $zk.servers) | quote -}} {{- end -}} \ No newline at end of file diff --git a/charts/zookeeper/templates/headless-service.yaml b/charts/zookeeper/templates/headless-service.yaml index 44ebb3e5..5ec42b9f 100644 --- a/charts/zookeeper/templates/headless-service.yaml +++ b/charts/zookeeper/templates/headless-service.yaml 
@@ -1,29 +1,29 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "zookeeper.fullname" . }}-headless - labels: - {{- include "zookeeper.labels" . | nindent 4 }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: tcp-peers - port: {{ .Values.port.peers }} - protocol: TCP - targetPort: tcp-peers - - name: tcp-leader - port: {{ .Values.port.leader }} - protocol: TCP - targetPort: tcp-leader - - name: http-admin - port: {{ .Values.port.admin }} - protocol: TCP - targetPort: http-admin - - name: tcp-client - port: {{ .Values.port.client }} - protocol: TCP - targetPort: tcp-client - selector: - {{- include "zookeeper.selectorLabels" . | nindent 4 }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "zookeeper.fullname" . }}-headless + labels: + {{- include "zookeeper.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: tcp-peers + port: {{ .Values.port.peers }} + protocol: TCP + targetPort: tcp-peers + - name: tcp-leader + port: {{ .Values.port.leader }} + protocol: TCP + targetPort: tcp-leader + - name: http-admin + port: {{ .Values.port.admin }} + protocol: TCP + targetPort: http-admin + - name: tcp-client + port: {{ .Values.port.client }} + protocol: TCP + targetPort: tcp-client + selector: + {{- include "zookeeper.selectorLabels" . | nindent 4 }} diff --git a/charts/zookeeper/templates/poddisruptionbudget.yaml b/charts/zookeeper/templates/poddisruptionbudget.yaml index 936eede1..b5af3a3e 100644 --- a/charts/zookeeper/templates/poddisruptionbudget.yaml +++ b/charts/zookeeper/templates/poddisruptionbudget.yaml 
@@ -1,11 +1,11 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "zookeeper.fullname" . }}-pdb - labels: - {{- include "zookeeper.labels" . | nindent 4 }} -spec: - minAvailable: {{ .Values.minAvailable | default 1 }} - selector: - matchLabels: - {{- include "zookeeper.selectorLabels" . | nindent 6 }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "zookeeper.fullname" . }}-pdb + labels: + {{- include "zookeeper.labels" . | nindent 4 }} +spec: + minAvailable: {{ .Values.minAvailable | default 1 }} + selector: + matchLabels: + {{- include "zookeeper.selectorLabels" . | nindent 6 }} diff --git a/charts/zookeeper/templates/statefulset.yaml b/charts/zookeeper/templates/statefulset.yaml index 81bb661a..4a5808c7 100644 --- a/charts/zookeeper/templates/statefulset.yaml +++ b/charts/zookeeper/templates/statefulset.yaml 
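Review bot: `minAvailable` defaults to 1 here and in values.yaml while `replicaCount` is 3, so the budget lets voluntary evictions (node drains, upgrades) take two of three servers down at once, which is below the majority a three-member ensemble needs to keep serving. A default that tracks quorum would be safer, for example `maxUnavailable: 1` in place of `minAvailable`, or `minAvailable: 2` in values.yaml. Note also that `| default 1` turns an explicit `minAvailable: 0` into 1, because `default` treats 0 as empty.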
@@ -1,149 +1,149 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "zookeeper.fullname" . }} - labels: - {{- include "zookeeper.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "zookeeper.selectorLabels" . | nindent 6 }} - serviceName: {{ include "zookeeper.fullname" . }}-headless - replicas: {{ .Values.replicaCount }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "zookeeper.selectorLabels" . | nindent 8 }} - spec: - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - affinity: - {{- if .Values.affinity }} - {{ toYaml .Values.affinity | indent 8 }} - {{- else }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - zookeeper - topologyKey: kubernetes.io/hostname - weight: 1 - {{- end }} - containers: - - name: {{ .Chart.Name }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . 
| nindent 8 }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}" - env: - - name: ZOOKEEPER_CLIENT_PORT - value: {{ .Values.port.client | int | quote }} - - name: ZOOKEEPER_TICK_TIME - value: {{ .Values.tickTime | int | quote }} - - name: ZOOKEEPER_INIT_LIMIT - value: {{ .Values.initLimit | int | quote }} - - name: ZOOKEEPER_SYNC_LIMIT - value: {{ .Values.syncLimit | int | quote }} - - name: ZOOKEEPER_MAX_CLIENT_CNXNS - value: {{ .Values.maxClientCnxns | int | quote }} - - name: ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL - value: {{ .Values.autopurge.purgeInterval | int | quote }} - - name: ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT - value: {{ .Values.autopurge.snapRetainCount | int | quote }} - - name: ZOOKEEPER_QUORUM_LISTEN_ON_ALL_IPS - value: {{ .Values.quorumListenOnAllIPs | quote }} - - name: ZOOKEEPER_MAX_SESSION_TIMEOUT - value: {{ .Values.maxSessionTimeout | int | quote }} - - name: ZOOKEEPER_ADMIN_ENABLE_SERVER - value: {{ .Values.adminEnableServer | quote }} - - name: ZOOKEEPER_LOG4J_ROOT_LOGLEVEL - value: {{ .Values.log4jRootLogLevel | quote }} - - name: KAFKA_HEAP_OPTS - value: {{ .Values.heapOpts | quote }} - - name : ZOOKEEPER_SERVERS - value: {{ include "zookeeper.serverlist" . 
}} - - name: ZOOKEEPER_SERVER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - command: - - "bash" - - "-c" - - | - ZK_FIX_HOST_REGEX="s/${HOSTNAME}\.[^:]*:/0.0.0.0:/g" - ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \ - ZOOKEEPER_SERVERS=`echo $ZOOKEEPER_SERVERS | sed -e "$ZK_FIX_HOST_REGEX"` \ - /etc/confluent/docker/run - ports: - - name: tcp-client - containerPort: {{ .Values.port.client }} - - name: tcp-peers - containerPort: {{ .Values.port.peers }} - - name: tcp-leader - containerPort: {{ .Values.port.leader }} - - name: http-admin - containerPort: {{ .Values.port.admin }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /commands/ruok - port: http-admin - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /commands/ruok - port: http-admin - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - - name: data - mountPath: /var/lib/zookeeper/data - - name: log - mountPath: /var/lib/zookeeper/log - - name: config - mountPath: /etc/kafka - - name: logs - mountPath: /var/log - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumes: - - name: config - emptyDir: {} - - name: logs - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: [ "ReadWriteOnce" ] - resources: 
- requests: - storage: {{ .Values.diskSize | quote }} - - metadata: - name: log - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.diskSize | quote }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "zookeeper.fullname" . }} + labels: + {{- include "zookeeper.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "zookeeper.selectorLabels" . | nindent 6 }} + serviceName: {{ include "zookeeper.fullname" . }}-headless + replicas: {{ .Values.replicaCount }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + {{- include "zookeeper.selectorLabels" . | nindent 8 }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + affinity: + {{- if .Values.affinity }} + {{ toYaml .Values.affinity | indent 8 }} + {{- else }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - zookeeper + topologyKey: kubernetes.io/hostname + weight: 1 + {{- end }} + containers: + - name: {{ .Chart.Name }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}" + env: + - name: ZOOKEEPER_CLIENT_PORT + value: {{ .Values.port.client | int | quote }} + - name: ZOOKEEPER_TICK_TIME + value: {{ .Values.tickTime | int | quote }} + - name: ZOOKEEPER_INIT_LIMIT + value: {{ .Values.initLimit | int | quote }} + - name: ZOOKEEPER_SYNC_LIMIT + value: {{ .Values.syncLimit | int | quote }} + - name: ZOOKEEPER_MAX_CLIENT_CNXNS + value: {{ .Values.maxClientCnxns | int | quote }} + - name: ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL + value: {{ .Values.autopurge.purgeInterval | int | quote }} + - name: ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT + value: {{ .Values.autopurge.snapRetainCount | int | quote }} + - name: ZOOKEEPER_QUORUM_LISTEN_ON_ALL_IPS + value: {{ .Values.quorumListenOnAllIPs | quote }} + - name: ZOOKEEPER_MAX_SESSION_TIMEOUT + value: {{ .Values.maxSessionTimeout | int | quote }} + - name: ZOOKEEPER_ADMIN_ENABLE_SERVER + value: {{ .Values.adminEnableServer | quote }} + - name: ZOOKEEPER_LOG4J_ROOT_LOGLEVEL + value: {{ .Values.log4jRootLogLevel | quote }} + - name: KAFKA_HEAP_OPTS + value: {{ .Values.heapOpts | quote }} + - name : ZOOKEEPER_SERVERS + value: {{ include "zookeeper.serverlist" . 
}} + - name: ZOOKEEPER_SERVER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + command: + - "bash" + - "-c" + - | + ZK_FIX_HOST_REGEX="s/${HOSTNAME}\.[^:]*:/0.0.0.0:/g" + ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \ + ZOOKEEPER_SERVERS=`echo $ZOOKEEPER_SERVERS | sed -e "$ZK_FIX_HOST_REGEX"` \ + /etc/confluent/docker/run + ports: + - name: tcp-client + containerPort: {{ .Values.port.client }} + - name: tcp-peers + containerPort: {{ .Values.port.peers }} + - name: tcp-leader + containerPort: {{ .Values.port.leader }} + - name: http-admin + containerPort: {{ .Values.port.admin }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /commands/ruok + port: http-admin + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /commands/ruok + port: http-admin + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + - name: data + mountPath: /var/lib/zookeeper/data + - name: log + mountPath: /var/lib/zookeeper/log + - name: config + mountPath: /etc/kafka + - name: logs + mountPath: /var/log + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: config + emptyDir: {} + - name: logs + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: 
+ requests: + storage: {{ .Values.diskSize | quote }} + - metadata: + name: log + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.diskSize | quote }} diff --git a/charts/zookeeper/values.yaml b/charts/zookeeper/values.yaml index d626343c..a393891c 100644 --- a/charts/zookeeper/values.yaml +++ b/charts/zookeeper/values.yaml 
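Review bot: The container image falls back to a mutable tag, `{{ .Values.image.tag | default "latest" }}`, so a values file that omits `image.tag` deploys whatever `latest` points to at pull time rather than a reviewed build. I would fail the render instead, `{{ required "image.tag must be set" .Values.image.tag }}`, and ideally let the chart accept a digest as well. Separately, `imagePullSecrets` is emitted between the container's `name` and `imagePullPolicy`, but it is a pod-level field and belongs beside `securityContext` and `affinity` in the pod spec; the indentation is lost in this view so the exact nesting cannot be confirmed, but it does not look valid in either position once the value is non-empty. The default `podAntiAffinity` also matches `app In [zookeeper]`, while `zookeeper.selectorLabels` sets `app` to `{{ .Release.Name }}-{{ include "zookeeper.name" . }}`, so the spread rule appears never to match the chart's own pods.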
@@ -1,68 +1,68 @@ -image: - registry: docker.io - repository: confluentinc/cp-zookeeper - tag: "7.8.0" - pullPolicy: -imagePullSecrets: [] - -replicaCount: 3 -minAvailable: 1 - -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - -podSecurityContext: - fsGroup: 1000 - -securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - -resources: - requests: - cpu: "100m" - memory: "500Mi" - limits: - cpu: "500m" - memory: "1000Mi" - -diskSize : 1Gi - -## Zookeeper Configuration -tickTime: 2000 -initLimit: 10 -syncLimit: 5 -maxClientCnxns: 60 -autopurge: - purgeInterval: 24 - snapRetainCount: 3 -quorumListenOnAllIPs: true -maxSessionTimeout: 40000 -adminEnableServer: true -heapOpts: "-XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0" -log4jRootLogLevel: INFO - -port: - peers: 2888 - leader: 3888 - admin: 8080 +image: + registry: docker.io + repository: confluentinc/cp-zookeeper + tag: "7.8.0" + pullPolicy: +imagePullSecrets: [] + +replicaCount: 3 +minAvailable: 1 + +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + +podSecurityContext: + fsGroup: 1000 + +securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL + +resources: + requests: + cpu: "100m" + memory: "500Mi" + limits: + cpu: "500m" + memory: "1000Mi" + +diskSize : 1Gi + +## Zookeeper Configuration +tickTime: 2000 +initLimit: 10 +syncLimit: 5 
+maxClientCnxns: 60 +autopurge: + purgeInterval: 24 + snapRetainCount: 3 +quorumListenOnAllIPs: true +maxSessionTimeout: 40000 +adminEnableServer: true +heapOpts: "-XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0" +log4jRootLogLevel: INFO + +port: + peers: 2888 + leader: 3888 + admin: 8080 client: 2181 \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index b5ae231f..b875456c 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,153 +1,153 @@ - - - - - - - Zopdev Integration - Connect Your DevOps Tools - - - - - - - - - - - - - - - - - - - - - - - - -
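Review bot: `adminEnableServer: true` and `quorumListenOnAllIPs: true` are the defaults, so every pod serves the admin HTTP endpoint on port 8080 and accepts quorum traffic on all interfaces, and the headless Service in this chart publishes the admin port as `http-admin`. The probes in statefulset.yaml call `/commands/ruok`, so the admin server cannot simply be switched off. The chart should instead say that the admin, peer and leader ports need a NetworkPolicy restricting them to the ensemble's own pods and expected clients; none is visible among the zookeeper templates in this diff. `pullPolicy:` is also a bare key, which parses as null and renders an empty `imagePullPolicy:`; an explicit `pullPolicy: IfNotPresent` would state the intent.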
-
-
-
-

Connect Zopdev with the Tools You Already Use

-

Seamlessly connect Zopdev with the essential tools your DevOps team relies on every dayβ€”CI/CD platforms, monitoring solutions, alerting systems, cloud services, and collaboration appsβ€”all in one place.

-
- -
- Integration illustration showing connected tools -
-
-
- -
-
-
-

Featured Integrations

- - - - -
- - -
- - -
Press forward slash to focus search
-
- - -
- - -
-
- - -
-
-

Applications

-
-
-
- -
-

Datastore

-
-
-
- -
-
-
-
-
-
- - -
- - - - -
- - - - - - - + + + + + + + Zopdev Integration - Connect Your DevOps Tools + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+

Connect Zopdev with the Tools You Already Use

+

Seamlessly connect Zopdev with the essential tools your DevOps team relies on every dayβ€”CI/CD platforms, monitoring solutions, alerting systems, cloud services, and collaboration appsβ€”all in one place.

+
+ +
+ Integration illustration showing connected tools +
+
+
+ +
+
+
+

Featured Integrations

+ + + + +
+ + +
+ + +
Press forward slash to focus search
+
+ + +
+ + +
+
+ + +
+
+

Applications

+
+
+
+ +
+

Datastore

+
+
+
+ +
+
+
+
+
+
+ + +
+ + + + +
+ + + + + + + diff --git a/docs/index.yaml b/docs/index.yaml index be10716f..8040adad 100644 --- a/docs/index.yaml +++ b/docs/index.yaml 
@@ -1,2193 +1,2193 @@ -apiVersion: v1 -entries: - cassandra: - - annotations: - type: datasource - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.262269+05:30" - description: Helm chart for deploying cassandra - digest: 5ad8c3dd137ecef4ee348b7f855f0b6e2f0860040a5faea921bac812ebe0344e - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png - maintainers: - - name: ZopDev - url: zop.dev - name: cassandra - urls: - - https://helm.zop.dev/cassandra-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: datasource - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.261974+05:30" - description: Helm chart for deploying cassandra - digest: 8204a7e66878a8c14cd517fb4db71afe9980a1f194f850aba1d0b972f708604a - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png - maintainers: - - name: ZopDev - url: zop.dev - name: cassandra - urls: - - https://helm.zop.dev/cassandra-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.261823+05:30" - description: Helm chart for deploying cassandra - digest: d8c73f81cbbf8d9c32118c2939ff855a36a1b6c8c593baf77bfb6b99f161c8a3 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png - maintainers: - - name: ZopDev - url: zop.dev - name: cassandra - urls: - - https://helm.zop.dev/cassandra-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.260845+05:30" - description: Helm chart for deploying cassandra - digest: f45dea69d490bc1e07764fc2e632cabda6465b4a99d12ed6c78eb4646b742e11 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cassandra - urls: - - https://helm.zop.dev/cassandra-v0.0.2.tgz - version: v0.0.2 - 
- apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.26046+05:30" - description: Helm chart for deploying cassandra - digest: 87dcf6e85af6afe5ff9c90bb29272edbc9cb21ce8019361015b1733442644ca9 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cassandra - urls: - - https://helm.zop.dev/cassandra-v0.0.1.tgz - version: v0.0.1 - chromadb: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.262742+05:30" - description: Helm chart for deploying chromadb datastore - digest: 94ca640fc537837c955a55a41e53da01b38203fe28e9e5df92f7f121ac51f68e - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241205/f21ef909-e0ea-4969-8963-0848602a5e4b-ImageEditor.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: chromadb - urls: - - https://helm.zop.dev/chromadb-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.262584+05:30" - description: Helm chart for deploying chromadb datastore - digest: ba37d2c0312b72096223fae3329696dd8b5c0f050712369a7d17d61136c7a91b - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241205/f21ef909-e0ea-4969-8963-0848602a5e4b-ImageEditor.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: chromadb - urls: - - https://helm.zop.dev/chromadb-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.262431+05:30" - description: Helm chart for deploying chromadb datastore - digest: 4b595dd52a315a9c5731a2407c33840e5f9d838c0faa534a65348a927e63ea7d - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: chromadb - urls: - - https://helm.zop.dev/chromadb-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.260166+05:30" - description: Helm chart for deploying chromadb 
datastore - digest: e80e4a44755d08f58044aaffc16074668015f121b5a7359cd20b75526a46ee3a - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: chromadb - urls: - - https://helm.zop.dev/Chromadb-v0.0.1.tgz - version: v0.0.1 - cockroachdb: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.263557+05:30" - description: Helm chart for deploying cockroachdb datastore - digest: aafca1db83b781cfc87de37fae49dc57122fb7c0b57dacee765a7fb8de72cfc1 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png - maintainers: - - name: ZopDev - url: zop.dev - name: cockroachdb - urls: - - https://helm.zop.dev/cockroachdb-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.263408+05:30" - description: Helm chart for deploying cockroachdb datastore - digest: 2bea5770d823248ddf13b2930796e7c58ee72323683f7e5d39851d500d680b29 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png - maintainers: - - name: ZopDev - url: zop.dev - name: cockroachdb - urls: - - https://helm.zop.dev/cockroachdb-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.263247+05:30" - description: Helm chart for deploying cockroachdb datastore - digest: 413d30a76f216aaba3e6e8768d3195006d5248e15f26884291031ad311c111d2 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png - maintainers: - - name: ZopDev - url: zop.dev - name: cockroachdb - urls: - - https://helm.zop.dev/cockroachdb-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.263091+05:30" - description: Helm chart for 
deploying cockroachdb datastore - digest: 34f77cf414230048d6da77866c1ac39093625e761b5c68c71b7e214a4191da09 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cockroachdb - urls: - - https://helm.zop.dev/cockroachdb-v0.0.1.tgz - version: v0.0.1 - cron-job: - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.265652+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: df89a1f9b87ee180ff45fed5106197ebc98dde611fe12fc26665096d8ad22071 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.17.tgz - version: v0.0.17 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.265511+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: b09b48b17c5518b18ff360770bcdb54f1babd195d1f9eabaccbc2dd0041a0ab3 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.16.tgz - version: v0.0.16 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.265365+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 56cb5aa749ecb2d7b6a44b1cc7598bdab04319be280731233e7f1c3edaf0c81a - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.15.tgz - version: v0.0.15 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.26522+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 9fe2649ba7a57a70efbadd6fc7f630f689a285411b6a9a82fa71797f3729d7d1 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.14.tgz - version: v0.0.14 - - 
apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.264956+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: cea536911b8a40c81d0dea88039b651e822f7f520cac1bc7984f1436f6d2db1e - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.13.tgz - version: v0.0.13 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.264812+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 462e6ec152db5248ef7f16884414dc5230e07800b7b068f3f57cb759439f2051 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.12.tgz - version: v0.0.12 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.264657+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 5ec17930747dbefa44d30240d1ecc94f649084f8a252ad3351b5a5f7463bb592 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.11.tgz - version: v0.0.11 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.264471+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: ebc0c13fa2b4c085475168759a66c464801a099c00e60790ee3c141a619208e6 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.10.tgz - version: v0.0.10 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.266979+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: c59e1c2ca03efcd354674efd6c6142bb897a522511b21ab2204d758c0ad7838d - icon: https://zop.dev/logo.png - maintainers: - - 
name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.9.tgz - version: v0.0.9 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.266736+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: b0b0f1b080fb355d0c0a4c9a793aa08c42ae3d346d3d35924b160402146f3ba4 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.8.tgz - version: v0.0.8 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.266602+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 68deab7c093b6399751337046e2e3d44b2f92583ff5897268b2e7096c3ecc7d4 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.7.tgz - version: v0.0.7 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.266472+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 12ef691b470c85021dea5a2abb22ed85a1eeb0eebb639b4e961ebc9e48b77379 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.6.tgz - version: v0.0.6 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.266341+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: feacad697b021e3101356c723937a67384ce40b20d8262f8cb0dccb778ce3409 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.5.tgz - version: v0.0.5 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.266208+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 
a0b223548907a6e97153e62a80c71fa20a2d1b44d6ddd6f86c99ee1d0bded277 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.4.tgz - version: v0.0.4 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.266078+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 915559e842b254eb709dae62904e6021123d76fba00367c0f676ea471fd9bb34 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.265784+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: 8647eaeb33477970ec574dfea3549f71d480bb89cac42b99fba36a4f56d2c64f - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.263896+05:30" - description: Helm chart creates a cron-job, service, alerts along with serviceMonitor - etc - digest: d8ab447cd5bff82957fc1bafdd4a1bdab91cea3b9eba179f17359d4b6265718b - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: cron-job - urls: - - https://helm.zop.dev/cron-job-v0.0.1.tgz - version: v0.0.1 - dgraph: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.268257+05:30" - description: Helm chart for deploying dgraph datastore - digest: 39df09aa5c2fd7d4ff91f023a4257a3fc5690538b99a5a666f9a22d99d3f3c9c - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/b62a941f-db26-4b89-a1c0-6758a616c028-dgraph.png - maintainers: - - name: ZopDev - url: zop.dev - name: dgraph - urls: - - 
https://helm.zop.dev/dgraph-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.268008+05:30" - description: Helm chart for deploying dgraph datastore - digest: da8b3703d231048d9831066e82fd1a6c6dff59da7a786e8396137b2c22d6ef62 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/b62a941f-db26-4b89-a1c0-6758a616c028-dgraph.png - maintainers: - - name: ZopDev - url: zop.dev - name: dgraph - urls: - - https://helm.zop.dev/dgraph-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.26767+05:30" - description: Helm chart for deploying dgraph datastore - digest: 81cd012d3d9b7a4b5275d4e0bc16f15cf4c4636eee17d7177c124c37c3f70a34 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: dgraph - urls: - - https://helm.zop.dev/dgraph-v0.0.1.tgz - version: v0.0.1 - jupyterhub: - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.270993+05:30" - description: Helm chart for Deploying JupyterHub - digest: f84e94e60206ce31fd483c8f95509e3a0633bd37ac69ead5260d25b49c7c2e3d - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png - maintainers: - - name: ZopDev - url: zop.dev - name: jupyterhub - type: application - urls: - - https://helm.zop.dev/jupyterhub-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.269912+05:30" - description: Helm chart for Deploying JupyterHub - digest: 557ab4461adc4e40e2e1ddd0de44f12d06d76ff0b0a42f29feb39b63c7e49360 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png - maintainers: - - name: ZopDev - url: zop.dev - name: jupyterhub - urls: - - 
https://helm.zop.dev/jupyterhub-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.269039+05:30" - description: Helm chart for Deploying JupyterHub - digest: 93a2b8063b3bc5ec24e4b9e0978913fa0f79b951e73913f562746cbc9353b0bd - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png - maintainers: - - name: ZopDev - url: zop.dev - name: jupyterhub - type: application - urls: - - https://helm.zop.dev/jupyterhub-v0.0.1.tgz - version: v0.0.1 - kafka: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.272532+05:30" - dependencies: - - alias: zookeeper - condition: zookeeper.enabled - name: zookeeper - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart deploys kafka - digest: 9394597bfeec6edae3c9b8b1729297a13cb9dd4a74a012095b8d960305402d73 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png - maintainers: - - name: ZopDev - url: zop.dev - name: kafka - urls: - - https://helm.zop.dev/kafka-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.272257+05:30" - dependencies: - - alias: zookeeper - condition: zookeeper.enabled - name: zookeeper - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart deploys kafka - digest: b086214f489535305a6b173d078b1ab68c8685afca1b74cbac24f86e2d5f508b - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png - maintainers: - - name: ZopDev - url: zop.dev - name: kafka - urls: - - https://helm.zop.dev/kafka-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.271681+05:30" - dependencies: - - alias: 
zookeeper - condition: zookeeper.enabled - name: zookeeper - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart deploys kafka - digest: b615dcd35b8a88b0adffe5d78033ed6eb9e77c62eea3432af78e2e3daa21b58f - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png - maintainers: - - name: ZopDev - url: zop.dev - name: kafka - urls: - - https://helm.zop.dev/kafka-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.271312+05:30" - description: Helm chart deploys kafka - digest: 1a6d2313a07f4a2786e0fb94acb3cdf30215cf652628f397a91bb68aaa1717e1 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: kafka - urls: - - https://helm.zop.dev/kafka-v0.0.1.tgz - version: v0.0.1 - mariadb: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.27347+05:30" - description: Helm chart for deploying mariadb datastore - digest: 6b45a459eee41308010175d20ab5caf884bdef6bd9f75e9327c02e9703eace6f - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png - maintainers: - - name: ZopDev - url: zop.dev - name: mariadb - urls: - - https://helm.zop.dev/mariadb-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.273263+05:30" - description: Helm chart for deploying mariadb datastore - digest: 301f9f4ce7bc4ed7c87078ba28ecbb9b41527eb244cce884c57b684bbcabc156 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png - maintainers: - - name: ZopDev - url: zop.dev - name: mariadb - urls: - - https://helm.zop.dev/mariadb-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: 
"2025-07-18T12:21:03.272935+05:30" - description: Helm chart for deploying mariadb datastore - digest: 5f5b91c6e5b772c5b4b862b7dab3bb3c89b346c0af1c53414afcc5beae74f6a6 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png - maintainers: - - name: ZopDev - url: zop.dev - name: mariadb - urls: - - https://helm.zop.dev/mariadb-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.272752+05:30" - description: Helm chart for deploying mariadb datastore - digest: 27f9e8208c4c87915296c1e4a00c2bd0cb6ff48806b2f4e62a11cc85ec66567b - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: mariadb - urls: - - https://helm.zop.dev/mariadb-v0.0.1.tgz - version: v0.0.1 - mysql: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.274705+05:30" - description: Helm chart for deploying mysql datastore - digest: f9a418fb02ae3cee19f627015c84eadf2d9d97dd53e0a2bf0ee8f0b416ebeacc - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.16.tgz - version: v0.0.16 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.27456+05:30" - description: Helm chart for deploying mysql datastore - digest: 54bb226a20cf47b56ae0a07585b450f0c0b98e228a4c44567910c1eac18fb858 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.15.tgz - version: v0.0.15 - - 
annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.274412+05:30" - description: Helm chart for deploying mysql datastore - digest: ba225be6ddab11b576bdbfa7ce977fd8b82e47d427f8fa022c122443c872b119 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.14.tgz - version: v0.0.14 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.274261+05:30" - description: Helm chart for deploying mysql datastore - digest: 47cd9bffa81e71ce96fdea4303d407d20ed17fc52eeaa29bca329553a5aca117 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.13.tgz - version: v0.0.13 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.274113+05:30" - description: Helm chart for deploying mysql datastore - digest: 0a700f2d21091b08e4dffe41fcfe951a31bfcea320df10051e2d27175979a8d6 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.12.tgz - version: v0.0.12 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.273972+05:30" - description: Helm chart for deploying mysql datastore - digest: 61ec682378d67ee959c57acb2a6cb0f60d54bd5a1cf0cac4f8dc88f31b6771e6 - 
icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.11.tgz - version: v0.0.11 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.273817+05:30" - description: Helm chart for deploying mysql datastore - digest: 693f49466f3aa2741fef88115d1cd7c220c2580747cd58801244cdafceb54df1 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.10.tgz - version: v0.0.10 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.277041+05:30" - description: Helm chart for deploying mysql datastore - digest: f6cea40dae37912aeb37318baeaf51dc048758031492a22ecd7d5d66c12b23bc - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.9.tgz - version: v0.0.9 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.276893+05:30" - description: Helm chart for deploying mysql datastore - digest: 72cfd04c203bb9e90d50aa06ad2bdd090b546e92c1132f51d485122c7f483105 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - 
name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.8.tgz - version: v0.0.8 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.276741+05:30" - description: Helm chart for deploying mysql datastore - digest: cd4a6304ec32384c5a278ba4cc356d5d36abecf639f5c1b49ce8fc0eff4016d6 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.7.tgz - version: v0.0.7 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.276384+05:30" - description: Helm chart for deploying mysql datastore - digest: 3eb4fdd1593a952a7ff7a10310b48484047eabeacadcf3f039e32d7f1a130c13 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.6.tgz - version: v0.0.6 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.276159+05:30" - description: Helm chart for deploying mysql datastore - digest: d3635b40f2b416a5616ff1ba50d9572318e285ead03213ee7a5a45caaa8ab5e8 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.275822+05:30" - description: Helm chart for deploying mysql datastore - 
digest: 22a84b7172e1424845524d9c2a06a3ec7c29f445349ff4650531001bd50fb5a8 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.4.tgz - version: v0.0.4 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.275567+05:30" - description: Helm chart for deploying mysql datastore - digest: cd72e08b2235de99a477dfad97c1d13fff7ae5e37397f0d6dbd682bf949b2046 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.27494+05:30" - description: Helm chart for deploying mysql datastore - digest: 7e4bf128d43f03e3930457b8eb731935c98c82b2528a5c28559a921850cb5922 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.273671+05:30" - description: Helm chart for deploying mysql datastore - digest: d1b0b8aff145de7076aa97054be6da52e769ac7be00d8453500a75ac82cc0d07 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: mysql - urls: - - https://helm.zop.dev/mysql-v0.0.1.tgz - version: v0.0.1 - opentsdb: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.27737+05:30" - description: Helm chart for deploying opentsdb - digest: ceb20fb363bef19fbc077ba7647b389a9741f0b748b555f23e2e6bd6b5f97020 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/42ea9c53-055c-4441-8438-95d639dfc2f4-2086220.png - maintainers: - - name: ZopDev - url: zop.dev - name: opentsdb - urls: - - https://helm.zop.dev/opentsdb-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: 
"2025-07-18T12:21:03.277256+05:30" - description: Helm chart for deploying opentsdb - digest: e20e1734631e6079fe6e8e44b6c63d46c49c9888f99e0b9706d22bed09b4c8be - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/42ea9c53-055c-4441-8438-95d639dfc2f4-2086220.png - maintainers: - - name: ZopDev - url: zop.dev - name: opentsdb - urls: - - https://helm.zop.dev/opentsdb-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.277135+05:30" - description: Helm chart for deploying opentsdb - digest: fd3473ad09c60da40c8ddbb319a4c015774d0ae35c0e7da5556949bcbde39f7e - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: opentsdb - urls: - - https://helm.zop.dev/opentsdb-v0.0.1.tgz - version: v0.0.1 - outline: - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.280768+05:30" - dependencies: - - name: postgres - repository: https://helm.zop.dev - version: 0.0.3 - - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying outline app - digest: 493f084a8118d3f4cf4dec739962cd7becd0e20f8d54744fd50981ecb3f69227 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: outline - type: application - urls: - - https://helm.zop.dev/outline-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.280126+05:30" - dependencies: - - name: postgres - repository: https://helm.zop.dev - version: 0.0.3 - - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying outline app - digest: 
74081193fcd0c6d35af8997ac025abee2b3218bdba3e019df15b4987d31a058f - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: outline - urls: - - https://helm.zop.dev/outline-v0.0.4.tgz - version: v0.0.4 - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.279347+05:30" - dependencies: - - name: postgres - repository: https://helm.zop.dev - version: 0.0.3 - - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying outline app - digest: f70712a9c6be22b55a395ceb288e38da018373983264a621c7b1a1f4b62eb63f - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: outline - type: application - urls: - - https://helm.zop.dev/outline-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.278509+05:30" - dependencies: - - name: postgres - repository: https://helm.zop.dev - version: 0.0.3 - - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying outline app - digest: c88d673d0b2cfb490263783faa237ae69788980eec8df28c0d5aef7e4bcfd940 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: outline - type: application - urls: - - https://helm.zop.dev/outline-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.277915+05:30" - description: Helm chart for deploying outline app - digest: 
4a24106f04a0e89503000afc5a7fd2546eff2e092caf500b12a48bbd2d17e659 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: outline - urls: - - https://helm.zop.dev/outline-v0.0.1.tgz - version: v0.0.1 - postgres: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.281166+05:30" - description: Helm chart for deploying postgres datastore - digest: c017d3ee10187abf8e55c01a6aa197a889e2108d4177fd27a852ea0066f2702f - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.10.tgz - version: v0.0.10 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.282338+05:30" - description: Helm chart for deploying postgres datastore - digest: 623814cf583d824ed687749f0b089cd8a7e7a2b2163a26ae45cd34450323df27 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.9.tgz - version: v0.0.9 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.282154+05:30" - description: Helm chart for deploying postgres datastore - digest: 760b6075b10c9044cade7a1692a1a2b22363335710ac50a60e90890864665e41 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.8.tgz - version: v0.0.8 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.281977+05:30" - description: Helm 
chart for deploying postgres datastore - digest: d155a052c1ede6249edb2b0b30720ddaf0e7dda52bc352d4f231359e40456068 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.7.tgz - version: v0.0.7 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.281818+05:30" - description: Helm chart for deploying postgres datastore - digest: c1767b70e53d69d8680170e759780cdc4492f483f5896307412355331c16c7ea - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.6.tgz - version: v0.0.6 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.281664+05:30" - description: Helm chart for deploying postgres datastore - digest: 06347f98453069747de484984e4dafe36bbf79f386ef76f3de735d6ece206085 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.281537+05:30" - description: Helm chart for deploying postgres datastore - digest: 75b652602f68dc46effc64332320aa5383b89561db869db77396bd1ab0ff55b6 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.4.tgz - version: v0.0.4 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.28141+05:30" - description: Helm 
chart for deploying postgres datastore - digest: 8d9d5a47255fc7d149c3975386c0adf8b3e9ad66ae9d6c1da0ca7ea7d9cf3f69 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.28129+05:30" - description: Helm chart for deploying postgres datastore - digest: ffc38c1a1dbc3f4e2db9ff742475e2380094c912d9f84a3a2e6511fac6f04133 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.280989+05:30" - description: Helm chart for deploying postgres datastore - digest: 6e8a630281561184374d252a30f3541faa49fed00d072d4e0b37b4363b1bdc7b - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: postgres - urls: - - https://helm.zop.dev/postgres-v0.0.1.tgz - version: v0.0.1 - redis: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.2834+05:30" - description: Helm chart deploys redis instance - digest: 54cb3cd6a2fc657a8c9074177e0472a1363b190ec7fe359f8d537fbcc2ff33d0 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: redis - urls: - - https://helm.zop.dev/redis-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.283137+05:30" - description: Helm chart deploys redis instance - digest: 09e347bc7fb6663917771eb3c345f3d86ed552d3fdafab6a4db4cefddd3da40b - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg - maintainers: - - 
name: ZopDev - url: zop.dev - name: redis - urls: - - https://helm.zop.dev/redis-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.282756+05:30" - description: Helm chart deploys redis instance - digest: 29fea3bd4a21a6e3af62c433d46406361ec09348b65f7a761c55a8fe0f36d90c - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: redis - urls: - - https://helm.zop.dev/redis-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.282561+05:30" - description: Helm chart deploys redis instance - digest: a25641daa9934bd778b27d537c2c3f5ed8bbc80df243e615b5abd78af43f1920 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg - maintainers: - - name: ZopDev - url: zop.dev - name: redis - urls: - - https://helm.zop.dev/redis-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.282436+05:30" - description: Helm chart deploys redis instance - digest: a1181c8d8c0808bfcbcd59a7ba08d675f83285221fff6fa10bc3fbc6014305e2 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: redis - urls: - - https://helm.zop.dev/redis-v0.0.1.tgz - version: v0.0.1 - redisdistributed: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.284557+05:30" - description: Helm chart deploys redis distributed instance - digest: ef079609c1fcb4d3fff8c961050551aed044cee88161f808a044d3fc8a7d7567 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png - maintainers: - - name: ZopDev - url: zop.dev - 
name: redisdistributed - urls: - - https://helm.zop.dev/redisdistributed-v0.0.9.tgz - version: v0.0.9 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.284165+05:30" - description: Helm chart deploys redis distributed instance - digest: 8e331db39a745eec8d28e365d044b82717631ef1c74cd8d1ded504546e55e586 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png - maintainers: - - name: ZopDev - url: zop.dev - name: redisdistributed - urls: - - https://helm.zop.dev/redisdistributed-v0.0.8.tgz - version: v0.0.8 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.283819+05:30" - description: Helm chart deploys redis distributed instance - digest: 46722cb13848de0ecd10e75b1ae0c34ae14d9bd648c46175357c3e1a4973be9c - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png - maintainers: - - name: ZopDev - url: zop.dev - name: redisdistributed - urls: - - https://helm.zop.dev/redisdistributed-v0.0.7.tgz - version: v0.0.7 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.283631+05:30" - description: Helm chart deploys redis distributed instance - digest: dca0d7799dc7c6f51ba5d64cb9708bade16a19446a543fa98b43093576291108 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png - maintainers: - - name: ZopDev - url: zop.dev - name: redisdistributed - urls: - - https://helm.zop.dev/redisdistributed-v0.0.6.tgz - version: v0.0.6 - scylladb: - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.284679+05:30" - description: Helm chart for deploying ScyllaDB - digest: 715797a89c9a8d06bfd839f68a18b4a720db459539581043daf153d72994e420 - icon: 
https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: scylladb - urls: - - https://helm.zop.dev/scylladb-v0.0.1.tgz - version: v0.0.1 - service: - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.290754+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 3cabf00ba943c3e9d27a0b84df5175197b0f4105b732028eca650ad4ed402072 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.25.tgz - version: v0.0.25 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.290371+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 666480b58aca6a312a915fc1e51ac0c717444f0d95345a4367c70d73b891f566 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.24.tgz - version: v0.0.24 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.290033+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 0b397d47f66b85d9e14cad455c1328397c70f0483f39428d83c56839c99f7c29 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.23.tgz - version: v0.0.23 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.289746+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: c763047324f4bf10eb76fe0ff1fc5dcb5ab9c1c5b0ca67003e73f50822a507b7 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.22.tgz - version: v0.0.22 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.289461+05:30" - 
description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: ba222bd78f7fcf4bb6ff0cb192e19b68d968c1d2573ef71d18adb57bf8774678 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.21.tgz - version: v0.0.21 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.289183+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 2f64dfd5959cc287274fd582fc7308fb60971ac58881cb3458f79f7426c42c63 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.20.tgz - version: v0.0.20 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.28867+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 51b7fcff52739a83c4107516026ec0c270b0f8633e9399dccbdf2a8f6006a1d2 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.19.tgz - version: v0.0.19 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.288401+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 8ebbf53c27110582d1d3aa775eae4eb1028672776015dcbfe798ff0c5056b8b1 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.18.tgz - version: v0.0.18 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.288131+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 6901e261fe4617b08207cf498845614275ebac2bfaed54ad5eb8f640a7150ead - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev 
- name: service - urls: - - https://helm.zop.dev/service-v0.0.17.tgz - version: v0.0.17 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.287255+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 0b49c92f2075609563e6d596d205045f3299d2dcbcbe09a3194a7e12b4df617c - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.16.tgz - version: v0.0.16 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.287008+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 9b25ba867e6c7297bcae9a7795cc29348006f1d310e7f563b948ffaceb760149 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.15.tgz - version: v0.0.15 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.286751+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: f74d351c335d5b9db31685da2bf5cab33079593bdc0b010f710cb54df9b6bab1 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.14.tgz - version: v0.0.14 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.286435+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: eca3b5e28c90dcbed32071e7b28dfab4e88014a679bbd16a03729f34c9dccc5f - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.13.tgz - version: v0.0.13 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.286011+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - 
with serviceMonitor etc - digest: 4cc6acd625ea36bdb9bd874c4d648efb379129438f48c91098a59e8d84ba3620 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.12.tgz - version: v0.0.12 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.285647+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 08769b7fe4e8be7e26a53329c764abd9013dca805e6249ccf3d8a8155a9a8959 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.11.tgz - version: v0.0.11 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.285337+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 1d3435fe1e7dc358e2941621aadf1ba21d16fa4f72d8320810c61f5a11ae7189 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.10.tgz - version: v0.0.10 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.293843+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 6c65c363d54c2463167d77451525c546b08ed030143fb911a51c34b1d5967f45 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.9.tgz - version: v0.0.9 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.293562+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: e9feb789d09a51445657aa1a2c71e87411bcbae36a366c4ae8f6b200049addba - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.8.tgz - version: 
v0.0.8 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.29327+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: c5793cb3415ae0b68cfdc44fb9927ce68f0f4b77e50c7ab3cef610ed5d1cb98e - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.7.tgz - version: v0.0.7 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.292992+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: b45dd74d7722d961d949102c81b2321ff1d575c3e94fbd9bf5aca9e328626d49 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.6.tgz - version: v0.0.6 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.292519+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 0d10278e951800d9b46a1415e090c62ff642ecbdc0f181fba617bf273799114a - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.5.tgz - version: v0.0.5 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.291581+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: f405204dd81300e58188ca5d41efbd6ea3f1b8f08bd50d65ea95000d38edc517 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.4.tgz - version: v0.0.4 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.291014+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: 
f31132842aca2478c10457f6e323ffa566cca222afc58996d42a08f6f87a121e - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.288902+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: cc7992d670d615549c67717904238998780abe5aa5df400e4e3eb31d16237ea4 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.285017+05:30" - description: Helm chart creates a deployment, service, hpa for a service along - with serviceMonitor etc - digest: e45d41b5041d8a3649bb8db768226990b2aae21b31b13ffd18d7253fe1e1d441 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: service - urls: - - https://helm.zop.dev/service-v0.0.1.tgz - version: v0.0.1 - solr: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.299832+05:30" - description: Helm chart for deploying Apache Solr datastore - digest: 6b20bc75e235deed888fba4f9f8aa6331a29358aa7f845710a978bd0420f0234 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png - maintainers: - - name: ZopDev - url: zop.dev - name: solr - urls: - - https://helm.zop.dev/solr-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.299651+05:30" - description: Helm chart for deploying Apache Solr datastore - digest: ecf9a0838f59fb0b2197c1526bc3e7febe37e5aa3d2158651b4cec9bb51891dc - icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png - maintainers: - - name: ZopDev - url: zop.dev - name: solr - urls: - - https://helm.zop.dev/solr-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.299404+05:30" - description: Helm chart for deploying Apache Solr datastore - digest: c6b7165c189a94bb3b35135f6a6a97b59ac3e971f8354544583bbc715e8b5f76 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png - maintainers: - - name: ZopDev - url: zop.dev - name: solr - urls: - - https://helm.zop.dev/solr-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.299138+05:30" - description: Helm chart for deploying Apache Solr datastore - digest: 7b179009c3258ab1abb9520aa60281ddffda8220eb3906811a0aa0ffd023f154 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: solr - urls: - - https://helm.zop.dev/solr-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.298956+05:30" - description: Helm chart for deploying Apache Solr datastore - digest: b55472585f9c7272cdd3fcef0ee411c20a2f429f4b9d7d8a0ba7912a840333b8 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: solr - urls: - - https://helm.zop.dev/solr-v0.0.1.tgz - version: v0.0.1 - solr-operator: - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.298773+05:30" - dependencies: - - condition: zookeeper-operator.install - name: zookeeper-operator - repository: https://helm.zop.dev - version: 0.0.1 - description: A Helm chart for Deploying Solr Operator on Kubernetes - digest: 51006b387e93fd34489498bc1dbbf603a603cd7ef5a652f916008f364ed0554f - icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png - maintainers: - - name: ZopDev - url: zop.dev - name: solr-operator - urls: - - https://helm.zop.dev/solr-operator-v0.0.1.tgz - version: v0.0.1 - solrcloud: - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.31792+05:30" - dependencies: - - name: solr-operator - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for deploying Apache SolrCloud datastore - digest: 0b97b6b708afce897e838fc3d923a4f86179b03cef24fa2ac19635991e7d4d79 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png - maintainers: - - name: ZopDev - url: zop.dev - name: solrcloud - urls: - - https://helm.zop.dev/solrcloud-v0.0.4.tgz - version: v0.0.4 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.312977+05:30" - dependencies: - - name: solr-operator - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for deploying Apache SolrCloud datastore - digest: e5ba371d954bbae5920c3f87919b13d3f2dbbb32cf9226f13667334b02677866 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png - maintainers: - - name: ZopDev - url: zop.dev - name: solrcloud - urls: - - https://helm.zop.dev/solrcloud-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.308944+05:30" - dependencies: - - name: solr-operator - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for deploying Apache SolrCloud datastore - digest: 9953148a67a55560185396ded92b8edfdf2e486ab7b5a449c5235315e19146d6 - icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png - maintainers: - - name: ZopDev - url: zop.dev - name: solrcloud - urls: - - https://helm.zop.dev/solrcloud-v0.0.2.tgz - version: v0.0.2 - - annotations: - type: datasource - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.304635+05:30" - dependencies: - - name: solr-operator - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for deploying Apache SolrCloud datastore - digest: 51915001d713d70a16464164003e298d84e70dd5280d90c93e8fcd3a9d1a9684 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png - maintainers: - - name: ZopDev - url: zop.dev - name: solrcloud - urls: - - https://helm.zop.dev/solrcloud-v0.0.1.tgz - version: v0.0.1 - superset: - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.321782+05:30" - dependencies: - - condition: postgres.enabled - name: postgres - repository: https://helm.zop.dev - version: 0.0.6 - - condition: redis.enabled - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for Deploying Apache Superset - digest: f122e17973f2399e1f354901fdc28cf7389635ee5bcb2ece8574f268c29e2f28 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png - maintainers: - - name: ZopDev - url: zop.dev - name: superset - type: application - urls: - - https://helm.zop.dev/superset-v0.0.6.tgz - version: v0.0.6 - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.32136+05:30" - dependencies: - - condition: postgres.enabled - name: postgres - repository: https://helm.zop.dev - version: 0.0.2 - - condition: redis.enabled - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - 
description: Helm chart for Deploying Apache Superset - digest: bb59d5ef14168daec62e90495c3d7d19fafef13a0daf2767008e5720e5a88592 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png - maintainers: - - name: ZopDev - url: zop.dev - name: superset - type: application - urls: - - https://helm.zop.dev/superset-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.32096+05:30" - dependencies: - - condition: postgres.enabled - name: postgres - repository: https://helm.zop.dev - version: 0.0.2 - - condition: redis.enabled - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for Deploying Apache Superset - digest: efbd1d32df820dcdc5be65be96080b7be86cbebedb9bdb840da6ba59e92167c1 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png - maintainers: - - name: ZopDev - url: zop.dev - name: superset - urls: - - https://helm.zop.dev/superset-v0.0.4.tgz - version: v0.0.4 - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.320419+05:30" - dependencies: - - condition: postgres.enabled - name: postgres - repository: https://helm.zop.dev - version: 0.0.2 - - condition: redis.enabled - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for Deploying Apache Superset - digest: 9257924d7e68996c6e1aa2090bbe65396dd1bf4f49ac99e1ec484dd01bbaf6a4 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png - maintainers: - - name: ZopDev - url: zop.dev - name: superset - type: application - urls: - - https://helm.zop.dev/superset-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.319893+05:30" - dependencies: - - condition: 
postgres.enabled - name: postgres - repository: https://helm.zop.dev - version: 0.0.2 - - condition: redis.enabled - name: redis - repository: https://helm.zop.dev - version: 0.0.1 - description: Helm chart for Deploying Apache Superset - digest: e54ec4b174f43cfc8a8159bfe3c56599a2f9fd9cabfd02db4aac7d4bf1028727 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png - maintainers: - - name: ZopDev - url: zop.dev - name: superset - type: application - urls: - - https://helm.zop.dev/superset-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.318884+05:30" - description: Helm chart for Deploying Apache Superset - digest: f2612f4782cc4e971f095ddbb76b3e9631e52b7ba6473e48226d2f769317be56 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: superset - urls: - - https://helm.zop.dev/superset-v0.0.1.tgz - version: v0.0.1 - surrealdb: - - annotations: - type: datasource - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.322535+05:30" - description: Helm chart for deploying surrealdb - digest: 4e87390d8466c1c3cb37c25a0a59be957d792976bafb3b3a02101927dcf8a3da - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/c44b7326-00d7-4c62-bce7-ca576509d27f-10982346.png - maintainers: - - name: ZopDev - url: zop.dev - name: surrealdb - urls: - - https://helm.zop.dev/surrealdb-v0.0.3.tgz - version: v0.0.3 - - annotations: - type: datasource - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.322193+05:30" - description: Helm chart for deploying surrealdb - digest: e73e929591f817ffa0a7477fb8b24c7572b667534e14280c107b170bb4b29568 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/c44b7326-00d7-4c62-bce7-ca576509d27f-10982346.png - maintainers: - - name: ZopDev - url: zop.dev - name: surrealdb - urls: - - 
https://helm.zop.dev/surrealdb-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.322019+05:30" - description: Helm chart for deploying surrealdb - digest: 3dc8d5151d6a8b5a96dc3b7aabb8e575e4c5298f0eef30943b44f74f0892bd38 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: surrealdb - urls: - - https://helm.zop.dev/surrealdb-v0.0.1.tgz - version: v0.0.1 - wordpress: - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.325723+05:30" - dependencies: - - name: mysql - repository: https://helm.zop.dev - version: 0.0.3 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying WordPress app - digest: d325e0a3fe1eced654c83b0814c810a5c3e4c05915cc57b5db206046e22a0363 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: wordpress - type: application - urls: - - https://helm.zop.dev/wordpress-v0.0.6.tgz - version: v0.0.6 - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.325147+05:30" - dependencies: - - name: mysql - repository: https://helm.zop.dev - version: 0.0.3 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying WordPress app - digest: 286707d27c5f168855ef8f873ca190bdb6a866d6b87c6b20f34e6b8bf2731c7c - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: wordpress - type: application - urls: - - https://helm.zop.dev/wordpress-v0.0.5.tgz - version: v0.0.5 - - annotations: - type: application - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.324484+05:30" - dependencies: - - name: 
mysql - repository: https://helm.zop.dev - version: 0.0.3 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying WordPress app - digest: 922121cba473bb566591b3570637a145f5389bee6a5f065f10412dc22d53e81f - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: wordpress - urls: - - https://helm.zop.dev/wordpress-v0.0.4.tgz - version: v0.0.4 - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.324048+05:30" - dependencies: - - name: mysql - repository: https://helm.zop.dev - version: 0.0.3 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying WordPress app - digest: de7fa587f5c205ad69e1481227fa4b55f8a98e8801109b720863c6dc39c114f0 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: wordpress - type: application - urls: - - https://helm.zop.dev/wordpress-v0.0.3.tgz - version: v0.0.3 - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.323461+05:30" - dependencies: - - name: mysql - repository: https://helm.zop.dev - version: 0.0.3 - - name: service - repository: https://helm.zop.dev - version: 0.0.17 - description: Helm chart for deploying WordPress app - digest: 7d80651e3bc9260c9f7e7a5b042d1d97f7fda56eb53a072f8f123613e023f156 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg - maintainers: - - name: ZopDev - url: zop.dev - name: wordpress - type: application - urls: - - https://helm.zop.dev/wordpress-v0.0.2.tgz - version: v0.0.2 - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.322936+05:30" - description: Helm chart for deploying WordPress app 
- digest: 1b5793a827827be151ebe571fcadec8507a6562da1213c774ca0acba91e91ab2 - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: wordpress - urls: - - https://helm.zop.dev/wordpress-v0.0.1.tgz - version: v0.0.1 - zookeeper: - - apiVersion: v1 - appVersion: "1.0" - created: "2025-07-18T12:21:03.327081+05:30" - description: A Helm chart for Deploying Zookeeper on Kubernetes - digest: 06e4542609434c3c6385b75619e254ada3771e332c025b25c2f074992d5043ca - icon: https://zop.dev/logo.png - maintainers: - - name: ZopDev - url: zop.dev - name: zookeeper - urls: - - https://helm.zop.dev/zookeeper-v0.0.1.tgz - version: v0.0.1 - zookeeper-operator: - - apiVersion: v2 - appVersion: "1.0" - created: "2025-07-18T12:21:03.326913+05:30" - description: A Helm chart for Deploying Zookeeper Operator on Kubernetes - digest: 54a824110bc9e4bbf8228f49c601f8d2cfab1ff815037a09ac7e29067f5dd8d1 - icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250407/69625503-f6f1-4521-9c14-1d262ee8683b-zookeeper.png - maintainers: - - name: ZopDev - url: zop.dev - name: zookeeper-operator - urls: - - https://helm.zop.dev/zookeeper-operator-v0.0.1.tgz - version: v0.0.1 -generated: "2025-07-18T12:21:03.259717+05:30" +apiVersion: v1 +entries: + cassandra: + - annotations: + type: datasource + apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.262269+05:30" + description: Helm chart for deploying cassandra + digest: 5ad8c3dd137ecef4ee348b7f855f0b6e2f0860040a5faea921bac812ebe0344e + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png + maintainers: + - name: ZopDev + url: zop.dev + name: cassandra + urls: + - https://helm.zop.dev/cassandra-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: datasource + apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.261974+05:30" + description: Helm chart for deploying cassandra + digest: 
8204a7e66878a8c14cd517fb4db71afe9980a1f194f850aba1d0b972f708604a + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png + maintainers: + - name: ZopDev + url: zop.dev + name: cassandra + urls: + - https://helm.zop.dev/cassandra-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.261823+05:30" + description: Helm chart for deploying cassandra + digest: d8c73f81cbbf8d9c32118c2939ff855a36a1b6c8c593baf77bfb6b99f161c8a3 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241223/d7c22b49-c87b-4d41-a109-334a83b44f8d-cassandra.png + maintainers: + - name: ZopDev + url: zop.dev + name: cassandra + urls: + - https://helm.zop.dev/cassandra-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.260845+05:30" + description: Helm chart for deploying cassandra + digest: f45dea69d490bc1e07764fc2e632cabda6465b4a99d12ed6c78eb4646b742e11 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cassandra + urls: + - https://helm.zop.dev/cassandra-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.26046+05:30" + description: Helm chart for deploying cassandra + digest: 87dcf6e85af6afe5ff9c90bb29272edbc9cb21ce8019361015b1733442644ca9 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cassandra + urls: + - https://helm.zop.dev/cassandra-v0.0.1.tgz + version: v0.0.1 + chromadb: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.262742+05:30" + description: Helm chart for deploying chromadb datastore + digest: 94ca640fc537837c955a55a41e53da01b38203fe28e9e5df92f7f121ac51f68e + icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241205/f21ef909-e0ea-4969-8963-0848602a5e4b-ImageEditor.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: chromadb + urls: + - https://helm.zop.dev/chromadb-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.262584+05:30" + description: Helm chart for deploying chromadb datastore + digest: ba37d2c0312b72096223fae3329696dd8b5c0f050712369a7d17d61136c7a91b + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241205/f21ef909-e0ea-4969-8963-0848602a5e4b-ImageEditor.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: chromadb + urls: + - https://helm.zop.dev/chromadb-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.262431+05:30" + description: Helm chart for deploying chromadb datastore + digest: 4b595dd52a315a9c5731a2407c33840e5f9d838c0faa534a65348a927e63ea7d + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: chromadb + urls: + - https://helm.zop.dev/chromadb-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.260166+05:30" + description: Helm chart for deploying chromadb datastore + digest: e80e4a44755d08f58044aaffc16074668015f121b5a7359cd20b75526a46ee3a + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: chromadb + urls: + - https://helm.zop.dev/Chromadb-v0.0.1.tgz + version: v0.0.1 + cockroachdb: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.263557+05:30" + description: Helm chart for deploying cockroachdb datastore + digest: aafca1db83b781cfc87de37fae49dc57122fb7c0b57dacee765a7fb8de72cfc1 + icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png + maintainers: + - name: ZopDev + url: zop.dev + name: cockroachdb + urls: + - https://helm.zop.dev/cockroachdb-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.263408+05:30" + description: Helm chart for deploying cockroachdb datastore + digest: 2bea5770d823248ddf13b2930796e7c58ee72323683f7e5d39851d500d680b29 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png + maintainers: + - name: ZopDev + url: zop.dev + name: cockroachdb + urls: + - https://helm.zop.dev/cockroachdb-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.263247+05:30" + description: Helm chart for deploying cockroachdb datastore + digest: 413d30a76f216aaba3e6e8768d3195006d5248e15f26884291031ad311c111d2 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/331014cf-f38d-484f-9246-1c9a045cb9a0-cockroachicon.png + maintainers: + - name: ZopDev + url: zop.dev + name: cockroachdb + urls: + - https://helm.zop.dev/cockroachdb-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.263091+05:30" + description: Helm chart for deploying cockroachdb datastore + digest: 34f77cf414230048d6da77866c1ac39093625e761b5c68c71b7e214a4191da09 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cockroachdb + urls: + - https://helm.zop.dev/cockroachdb-v0.0.1.tgz + version: v0.0.1 + cron-job: + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.265652+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 
df89a1f9b87ee180ff45fed5106197ebc98dde611fe12fc26665096d8ad22071 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.17.tgz + version: v0.0.17 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.265511+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: b09b48b17c5518b18ff360770bcdb54f1babd195d1f9eabaccbc2dd0041a0ab3 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.16.tgz + version: v0.0.16 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.265365+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 56cb5aa749ecb2d7b6a44b1cc7598bdab04319be280731233e7f1c3edaf0c81a + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.15.tgz + version: v0.0.15 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.26522+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 9fe2649ba7a57a70efbadd6fc7f630f689a285411b6a9a82fa71797f3729d7d1 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.14.tgz + version: v0.0.14 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.264956+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: cea536911b8a40c81d0dea88039b651e822f7f520cac1bc7984f1436f6d2db1e + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.13.tgz + version: v0.0.13 + - apiVersion: v1 + appVersion: "1.0" + created: 
"2025-07-18T12:21:03.264812+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 462e6ec152db5248ef7f16884414dc5230e07800b7b068f3f57cb759439f2051 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.12.tgz + version: v0.0.12 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.264657+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 5ec17930747dbefa44d30240d1ecc94f649084f8a252ad3351b5a5f7463bb592 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.11.tgz + version: v0.0.11 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.264471+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: ebc0c13fa2b4c085475168759a66c464801a099c00e60790ee3c141a619208e6 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.10.tgz + version: v0.0.10 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.266979+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: c59e1c2ca03efcd354674efd6c6142bb897a522511b21ab2204d758c0ad7838d + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.9.tgz + version: v0.0.9 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.266736+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: b0b0f1b080fb355d0c0a4c9a793aa08c42ae3d346d3d35924b160402146f3ba4 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + 
urls: + - https://helm.zop.dev/cron-job-v0.0.8.tgz + version: v0.0.8 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.266602+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 68deab7c093b6399751337046e2e3d44b2f92583ff5897268b2e7096c3ecc7d4 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.7.tgz + version: v0.0.7 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.266472+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 12ef691b470c85021dea5a2abb22ed85a1eeb0eebb639b4e961ebc9e48b77379 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.6.tgz + version: v0.0.6 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.266341+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: feacad697b021e3101356c723937a67384ce40b20d8262f8cb0dccb778ce3409 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.5.tgz + version: v0.0.5 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.266208+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: a0b223548907a6e97153e62a80c71fa20a2d1b44d6ddd6f86c99ee1d0bded277 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.4.tgz + version: v0.0.4 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.266078+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 
915559e842b254eb709dae62904e6021123d76fba00367c0f676ea471fd9bb34 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.265784+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: 8647eaeb33477970ec574dfea3549f71d480bb89cac42b99fba36a4f56d2c64f + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.263896+05:30" + description: Helm chart creates a cron-job, service, alerts along with serviceMonitor + etc + digest: d8ab447cd5bff82957fc1bafdd4a1bdab91cea3b9eba179f17359d4b6265718b + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: cron-job + urls: + - https://helm.zop.dev/cron-job-v0.0.1.tgz + version: v0.0.1 + dgraph: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.268257+05:30" + description: Helm chart for deploying dgraph datastore + digest: 39df09aa5c2fd7d4ff91f023a4257a3fc5690538b99a5a666f9a22d99d3f3c9c + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/b62a941f-db26-4b89-a1c0-6758a616c028-dgraph.png + maintainers: + - name: ZopDev + url: zop.dev + name: dgraph + urls: + - https://helm.zop.dev/dgraph-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.268008+05:30" + description: Helm chart for deploying dgraph datastore + digest: da8b3703d231048d9831066e82fd1a6c6dff59da7a786e8396137b2c22d6ef62 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250402/b62a941f-db26-4b89-a1c0-6758a616c028-dgraph.png + 
maintainers: + - name: ZopDev + url: zop.dev + name: dgraph + urls: + - https://helm.zop.dev/dgraph-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.26767+05:30" + description: Helm chart for deploying dgraph datastore + digest: 81cd012d3d9b7a4b5275d4e0bc16f15cf4c4636eee17d7177c124c37c3f70a34 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: dgraph + urls: + - https://helm.zop.dev/dgraph-v0.0.1.tgz + version: v0.0.1 + jupyterhub: + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.270993+05:30" + description: Helm chart for Deploying JupyterHub + digest: f84e94e60206ce31fd483c8f95509e3a0633bd37ac69ead5260d25b49c7c2e3d + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png + maintainers: + - name: ZopDev + url: zop.dev + name: jupyterhub + type: application + urls: + - https://helm.zop.dev/jupyterhub-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.269912+05:30" + description: Helm chart for Deploying JupyterHub + digest: 557ab4461adc4e40e2e1ddd0de44f12d06d76ff0b0a42f29feb39b63c7e49360 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png + maintainers: + - name: ZopDev + url: zop.dev + name: jupyterhub + urls: + - https://helm.zop.dev/jupyterhub-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.269039+05:30" + description: Helm chart for Deploying JupyterHub + digest: 93a2b8063b3bc5ec24e4b9e0978913fa0f79b951e73913f562746cbc9353b0bd + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250313/e2540703-3750-4d46-ba32-32445e506332-jupyter.png + maintainers: + - name: ZopDev + url: zop.dev + name: jupyterhub + 
type: application + urls: + - https://helm.zop.dev/jupyterhub-v0.0.1.tgz + version: v0.0.1 + kafka: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.272532+05:30" + dependencies: + - alias: zookeeper + condition: zookeeper.enabled + name: zookeeper + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart deploys kafka + digest: 9394597bfeec6edae3c9b8b1729297a13cb9dd4a74a012095b8d960305402d73 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png + maintainers: + - name: ZopDev + url: zop.dev + name: kafka + urls: + - https://helm.zop.dev/kafka-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.272257+05:30" + dependencies: + - alias: zookeeper + condition: zookeeper.enabled + name: zookeeper + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart deploys kafka + digest: b086214f489535305a6b173d078b1ab68c8685afca1b74cbac24f86e2d5f508b + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png + maintainers: + - name: ZopDev + url: zop.dev + name: kafka + urls: + - https://helm.zop.dev/kafka-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.271681+05:30" + dependencies: + - alias: zookeeper + condition: zookeeper.enabled + name: zookeeper + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart deploys kafka + digest: b615dcd35b8a88b0adffe5d78033ed6eb9e77c62eea3432af78e2e3daa21b58f + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250206/800a8c94-a94d-4dbe-9b71-f8e21963da2f-kafka.png + maintainers: + - name: ZopDev + url: zop.dev + name: kafka + urls: + - https://helm.zop.dev/kafka-v0.0.2.tgz + version: 
v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.271312+05:30" + description: Helm chart deploys kafka + digest: 1a6d2313a07f4a2786e0fb94acb3cdf30215cf652628f397a91bb68aaa1717e1 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: kafka + urls: + - https://helm.zop.dev/kafka-v0.0.1.tgz + version: v0.0.1 + mariadb: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.27347+05:30" + description: Helm chart for deploying mariadb datastore + digest: 6b45a459eee41308010175d20ab5caf884bdef6bd9f75e9327c02e9703eace6f + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png + maintainers: + - name: ZopDev + url: zop.dev + name: mariadb + urls: + - https://helm.zop.dev/mariadb-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.273263+05:30" + description: Helm chart for deploying mariadb datastore + digest: 301f9f4ce7bc4ed7c87078ba28ecbb9b41527eb244cce884c57b684bbcabc156 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png + maintainers: + - name: ZopDev + url: zop.dev + name: mariadb + urls: + - https://helm.zop.dev/mariadb-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.272935+05:30" + description: Helm chart for deploying mariadb datastore + digest: 5f5b91c6e5b772c5b4b862b7dab3bb3c89b346c0af1c53414afcc5beae74f6a6 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241210/f80d4fa9-22ff-4ea8-9558-abb1ab3dc4f3-mariadb.png + maintainers: + - name: ZopDev + url: zop.dev + name: mariadb + urls: + - https://helm.zop.dev/mariadb-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: 
"2025-07-18T12:21:03.272752+05:30" + description: Helm chart for deploying mariadb datastore + digest: 27f9e8208c4c87915296c1e4a00c2bd0cb6ff48806b2f4e62a11cc85ec66567b + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: mariadb + urls: + - https://helm.zop.dev/mariadb-v0.0.1.tgz + version: v0.0.1 + mysql: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.274705+05:30" + description: Helm chart for deploying mysql datastore + digest: f9a418fb02ae3cee19f627015c84eadf2d9d97dd53e0a2bf0ee8f0b416ebeacc + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.16.tgz + version: v0.0.16 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.27456+05:30" + description: Helm chart for deploying mysql datastore + digest: 54bb226a20cf47b56ae0a07585b450f0c0b98e228a4c44567910c1eac18fb858 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.15.tgz + version: v0.0.15 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.274412+05:30" + description: Helm chart for deploying mysql datastore + digest: ba225be6ddab11b576bdbfa7ce977fd8b82e47d427f8fa022c122443c872b119 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: 
zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.14.tgz + version: v0.0.14 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.274261+05:30" + description: Helm chart for deploying mysql datastore + digest: 47cd9bffa81e71ce96fdea4303d407d20ed17fc52eeaa29bca329553a5aca117 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.13.tgz + version: v0.0.13 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.274113+05:30" + description: Helm chart for deploying mysql datastore + digest: 0a700f2d21091b08e4dffe41fcfe951a31bfcea320df10051e2d27175979a8d6 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.12.tgz + version: v0.0.12 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.273972+05:30" + description: Helm chart for deploying mysql datastore + digest: 61ec682378d67ee959c57acb2a6cb0f60d54bd5a1cf0cac4f8dc88f31b6771e6 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.11.tgz + version: v0.0.11 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.273817+05:30" + description: Helm chart for deploying 
mysql datastore + digest: 693f49466f3aa2741fef88115d1cd7c220c2580747cd58801244cdafceb54df1 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.10.tgz + version: v0.0.10 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.277041+05:30" + description: Helm chart for deploying mysql datastore + digest: f6cea40dae37912aeb37318baeaf51dc048758031492a22ecd7d5d66c12b23bc + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.9.tgz + version: v0.0.9 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.276893+05:30" + description: Helm chart for deploying mysql datastore + digest: 72cfd04c203bb9e90d50aa06ad2bdd090b546e92c1132f51d485122c7f483105 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.8.tgz + version: v0.0.8 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.276741+05:30" + description: Helm chart for deploying mysql datastore + digest: cd4a6304ec32384c5a278ba4cc356d5d36abecf639f5c1b49ce8fc0eff4016d6 + icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.7.tgz + version: v0.0.7 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.276384+05:30" + description: Helm chart for deploying mysql datastore + digest: 3eb4fdd1593a952a7ff7a10310b48484047eabeacadcf3f039e32d7f1a130c13 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.6.tgz + version: v0.0.6 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.276159+05:30" + description: Helm chart for deploying mysql datastore + digest: d3635b40f2b416a5616ff1ba50d9572318e285ead03213ee7a5a45caaa8ab5e8 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/c647e8cc-f958-4e6b-ba08-22dc79ca703a-pngtransparentmysqldatabasemariadbdolphinmarinemammalanimalstextthumbnail.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.275822+05:30" + description: Helm chart for deploying mysql datastore + digest: 22a84b7172e1424845524d9c2a06a3ec7c29f445349ff4650531001bd50fb5a8 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.4.tgz + version: v0.0.4 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.275567+05:30" + description: 
Helm chart for deploying mysql datastore + digest: cd72e08b2235de99a477dfad97c1d13fff7ae5e37397f0d6dbd682bf949b2046 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.27494+05:30" + description: Helm chart for deploying mysql datastore + digest: 7e4bf128d43f03e3930457b8eb731935c98c82b2528a5c28559a921850cb5922 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.273671+05:30" + description: Helm chart for deploying mysql datastore + digest: d1b0b8aff145de7076aa97054be6da52e769ac7be00d8453500a75ac82cc0d07 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: mysql + urls: + - https://helm.zop.dev/mysql-v0.0.1.tgz + version: v0.0.1 + opentsdb: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.27737+05:30" + description: Helm chart for deploying opentsdb + digest: ceb20fb363bef19fbc077ba7647b389a9741f0b748b555f23e2e6bd6b5f97020 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/42ea9c53-055c-4441-8438-95d639dfc2f4-2086220.png + maintainers: + - name: ZopDev + url: zop.dev + name: opentsdb + urls: + - https://helm.zop.dev/opentsdb-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.277256+05:30" + description: Helm chart for deploying opentsdb + digest: e20e1734631e6079fe6e8e44b6c63d46c49c9888f99e0b9706d22bed09b4c8be + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/42ea9c53-055c-4441-8438-95d639dfc2f4-2086220.png + maintainers: + - name: ZopDev + url: zop.dev + name: 
opentsdb + urls: + - https://helm.zop.dev/opentsdb-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.277135+05:30" + description: Helm chart for deploying opentsdb + digest: fd3473ad09c60da40c8ddbb319a4c015774d0ae35c0e7da5556949bcbde39f7e + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: opentsdb + urls: + - https://helm.zop.dev/opentsdb-v0.0.1.tgz + version: v0.0.1 + outline: + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.280768+05:30" + dependencies: + - name: postgres + repository: https://helm.zop.dev + version: 0.0.3 + - name: redis + repository: https://helm.zop.dev + version: 0.0.1 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying outline app + digest: 493f084a8118d3f4cf4dec739962cd7becd0e20f8d54744fd50981ecb3f69227 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: outline + type: application + urls: + - https://helm.zop.dev/outline-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.280126+05:30" + dependencies: + - name: postgres + repository: https://helm.zop.dev + version: 0.0.3 + - name: redis + repository: https://helm.zop.dev + version: 0.0.1 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying outline app + digest: 74081193fcd0c6d35af8997ac025abee2b3218bdba3e019df15b4987d31a058f + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: outline + urls: + - https://helm.zop.dev/outline-v0.0.4.tgz + version: v0.0.4 + - apiVersion: v2 + 
appVersion: "1.0" + created: "2025-07-18T12:21:03.279347+05:30" + dependencies: + - name: postgres + repository: https://helm.zop.dev + version: 0.0.3 + - name: redis + repository: https://helm.zop.dev + version: 0.0.1 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying outline app + digest: f70712a9c6be22b55a395ceb288e38da018373983264a621c7b1a1f4b62eb63f + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: outline + type: application + urls: + - https://helm.zop.dev/outline-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.278509+05:30" + dependencies: + - name: postgres + repository: https://helm.zop.dev + version: 0.0.3 + - name: redis + repository: https://helm.zop.dev + version: 0.0.1 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying outline app + digest: c88d673d0b2cfb490263783faa237ae69788980eec8df28c0d5aef7e4bcfd940 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/517f58c3-427a-4cd0-8d37-abe941776827-download1.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: outline + type: application + urls: + - https://helm.zop.dev/outline-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.277915+05:30" + description: Helm chart for deploying outline app + digest: 4a24106f04a0e89503000afc5a7fd2546eff2e092caf500b12a48bbd2d17e659 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: outline + urls: + - https://helm.zop.dev/outline-v0.0.1.tgz + version: v0.0.1 + postgres: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.281166+05:30" + description: Helm chart for deploying postgres 
datastore + digest: c017d3ee10187abf8e55c01a6aa197a889e2108d4177fd27a852ea0066f2702f + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.10.tgz + version: v0.0.10 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.282338+05:30" + description: Helm chart for deploying postgres datastore + digest: 623814cf583d824ed687749f0b089cd8a7e7a2b2163a26ae45cd34450323df27 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.9.tgz + version: v0.0.9 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.282154+05:30" + description: Helm chart for deploying postgres datastore + digest: 760b6075b10c9044cade7a1692a1a2b22363335710ac50a60e90890864665e41 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.8.tgz + version: v0.0.8 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.281977+05:30" + description: Helm chart for deploying postgres datastore + digest: d155a052c1ede6249edb2b0b30720ddaf0e7dda52bc352d4f231359e40456068 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.7.tgz + version: v0.0.7 + - 
annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.281818+05:30" + description: Helm chart for deploying postgres datastore + digest: c1767b70e53d69d8680170e759780cdc4492f483f5896307412355331c16c7ea + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.6.tgz + version: v0.0.6 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.281664+05:30" + description: Helm chart for deploying postgres datastore + digest: 06347f98453069747de484984e4dafe36bbf79f386ef76f3de735d6ece206085 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/e4d58134-93e4-478e-851b-3a70b58dcd81-Postgresqlelephantsvg.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.281537+05:30" + description: Helm chart for deploying postgres datastore + digest: 75b652602f68dc46effc64332320aa5383b89561db869db77396bd1ab0ff55b6 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.4.tgz + version: v0.0.4 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.28141+05:30" + description: Helm chart for deploying postgres datastore + digest: 8d9d5a47255fc7d149c3975386c0adf8b3e9ad66ae9d6c1da0ca7ea7d9cf3f69 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.28129+05:30" + description: Helm chart for 
deploying postgres datastore + digest: ffc38c1a1dbc3f4e2db9ff742475e2380094c912d9f84a3a2e6511fac6f04133 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.280989+05:30" + description: Helm chart for deploying postgres datastore + digest: 6e8a630281561184374d252a30f3541faa49fed00d072d4e0b37b4363b1bdc7b + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: postgres + urls: + - https://helm.zop.dev/postgres-v0.0.1.tgz + version: v0.0.1 + redis: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.2834+05:30" + description: Helm chart deploys redis instance + digest: 54cb3cd6a2fc657a8c9074177e0472a1363b190ec7fe359f8d537fbcc2ff33d0 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: redis + urls: + - https://helm.zop.dev/redis-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.283137+05:30" + description: Helm chart deploys redis instance + digest: 09e347bc7fb6663917771eb3c345f3d86ed552d3fdafab6a4db4cefddd3da40b + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: redis + urls: + - https://helm.zop.dev/redis-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.282756+05:30" + description: Helm chart deploys redis instance + digest: 29fea3bd4a21a6e3af62c433d46406361ec09348b65f7a761c55a8fe0f36d90c + icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: redis + urls: + - https://helm.zop.dev/redis-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.282561+05:30" + description: Helm chart deploys redis instance + digest: a25641daa9934bd778b27d537c2c3f5ed8bbc80df243e615b5abd78af43f1920 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241119/a322e6a1-2433-4ff5-b778-6372fc27bedd-cdnlogocomredis2min111.jpg + maintainers: + - name: ZopDev + url: zop.dev + name: redis + urls: + - https://helm.zop.dev/redis-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.282436+05:30" + description: Helm chart deploys redis instance + digest: a1181c8d8c0808bfcbcd59a7ba08d675f83285221fff6fa10bc3fbc6014305e2 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: redis + urls: + - https://helm.zop.dev/redis-v0.0.1.tgz + version: v0.0.1 + redisdistributed: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.284557+05:30" + description: Helm chart deploys redis distributed instance + digest: ef079609c1fcb4d3fff8c961050551aed044cee88161f808a044d3fc8a7d7567 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png + maintainers: + - name: ZopDev + url: zop.dev + name: redisdistributed + urls: + - https://helm.zop.dev/redisdistributed-v0.0.9.tgz + version: v0.0.9 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.284165+05:30" + description: Helm chart deploys redis distributed instance + digest: 8e331db39a745eec8d28e365d044b82717631ef1c74cd8d1ded504546e55e586 + icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png + maintainers: + - name: ZopDev + url: zop.dev + name: redisdistributed + urls: + - https://helm.zop.dev/redisdistributed-v0.0.8.tgz + version: v0.0.8 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.283819+05:30" + description: Helm chart deploys redis distributed instance + digest: 46722cb13848de0ecd10e75b1ae0c34ae14d9bd648c46175357c3e1a4973be9c + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png + maintainers: + - name: ZopDev + url: zop.dev + name: redisdistributed + urls: + - https://helm.zop.dev/redisdistributed-v0.0.7.tgz + version: v0.0.7 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.283631+05:30" + description: Helm chart deploys redis distributed instance + digest: dca0d7799dc7c6f51ba5d64cb9708bade16a19446a543fa98b43093576291108 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241227/beaa0bf2-efc3-4096-9616-69568624a7d6-redisdistributed.png + maintainers: + - name: ZopDev + url: zop.dev + name: redisdistributed + urls: + - https://helm.zop.dev/redisdistributed-v0.0.6.tgz + version: v0.0.6 + scylladb: + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.284679+05:30" + description: Helm chart for deploying ScyllaDB + digest: 715797a89c9a8d06bfd839f68a18b4a720db459539581043daf153d72994e420 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: scylladb + urls: + - https://helm.zop.dev/scylladb-v0.0.1.tgz + version: v0.0.1 + service: + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.290754+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 
3cabf00ba943c3e9d27a0b84df5175197b0f4105b732028eca650ad4ed402072 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.25.tgz + version: v0.0.25 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.290371+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 666480b58aca6a312a915fc1e51ac0c717444f0d95345a4367c70d73b891f566 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.24.tgz + version: v0.0.24 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.290033+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 0b397d47f66b85d9e14cad455c1328397c70f0483f39428d83c56839c99f7c29 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.23.tgz + version: v0.0.23 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.289746+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: c763047324f4bf10eb76fe0ff1fc5dcb5ab9c1c5b0ca67003e73f50822a507b7 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.22.tgz + version: v0.0.22 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.289461+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: ba222bd78f7fcf4bb6ff0cb192e19b68d968c1d2573ef71d18adb57bf8774678 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.21.tgz + version: v0.0.21 + - apiVersion: v1 + 
appVersion: "1.0" + created: "2025-07-18T12:21:03.289183+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 2f64dfd5959cc287274fd582fc7308fb60971ac58881cb3458f79f7426c42c63 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.20.tgz + version: v0.0.20 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.28867+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 51b7fcff52739a83c4107516026ec0c270b0f8633e9399dccbdf2a8f6006a1d2 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.19.tgz + version: v0.0.19 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.288401+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 8ebbf53c27110582d1d3aa775eae4eb1028672776015dcbfe798ff0c5056b8b1 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.18.tgz + version: v0.0.18 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.288131+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 6901e261fe4617b08207cf498845614275ebac2bfaed54ad5eb8f640a7150ead + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.17.tgz + version: v0.0.17 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.287255+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 0b49c92f2075609563e6d596d205045f3299d2dcbcbe09a3194a7e12b4df617c + icon: 
https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.16.tgz + version: v0.0.16 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.287008+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 9b25ba867e6c7297bcae9a7795cc29348006f1d310e7f563b948ffaceb760149 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.15.tgz + version: v0.0.15 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.286751+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: f74d351c335d5b9db31685da2bf5cab33079593bdc0b010f710cb54df9b6bab1 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.14.tgz + version: v0.0.14 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.286435+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: eca3b5e28c90dcbed32071e7b28dfab4e88014a679bbd16a03729f34c9dccc5f + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.13.tgz + version: v0.0.13 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.286011+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 4cc6acd625ea36bdb9bd874c4d648efb379129438f48c91098a59e8d84ba3620 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.12.tgz + version: v0.0.12 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.285647+05:30" + description: 
Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 08769b7fe4e8be7e26a53329c764abd9013dca805e6249ccf3d8a8155a9a8959 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.11.tgz + version: v0.0.11 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.285337+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 1d3435fe1e7dc358e2941621aadf1ba21d16fa4f72d8320810c61f5a11ae7189 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.10.tgz + version: v0.0.10 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.293843+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 6c65c363d54c2463167d77451525c546b08ed030143fb911a51c34b1d5967f45 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.9.tgz + version: v0.0.9 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.293562+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: e9feb789d09a51445657aa1a2c71e87411bcbae36a366c4ae8f6b200049addba + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.8.tgz + version: v0.0.8 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.29327+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: c5793cb3415ae0b68cfdc44fb9927ce68f0f4b77e50c7ab3cef610ed5d1cb98e + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + 
urls: + - https://helm.zop.dev/service-v0.0.7.tgz + version: v0.0.7 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.292992+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: b45dd74d7722d961d949102c81b2321ff1d575c3e94fbd9bf5aca9e328626d49 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.6.tgz + version: v0.0.6 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.292519+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: 0d10278e951800d9b46a1415e090c62ff642ecbdc0f181fba617bf273799114a + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.5.tgz + version: v0.0.5 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.291581+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: f405204dd81300e58188ca5d41efbd6ea3f1b8f08bd50d65ea95000d38edc517 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.4.tgz + version: v0.0.4 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.291014+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: f31132842aca2478c10457f6e323ffa566cca222afc58996d42a08f6f87a121e + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.288902+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + 
digest: cc7992d670d615549c67717904238998780abe5aa5df400e4e3eb31d16237ea4 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.285017+05:30" + description: Helm chart creates a deployment, service, hpa for a service along + with serviceMonitor etc + digest: e45d41b5041d8a3649bb8db768226990b2aae21b31b13ffd18d7253fe1e1d441 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: service + urls: + - https://helm.zop.dev/service-v0.0.1.tgz + version: v0.0.1 + solr: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.299832+05:30" + description: Helm chart for deploying Apache Solr datastore + digest: 6b20bc75e235deed888fba4f9f8aa6331a29358aa7f845710a978bd0420f0234 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png + maintainers: + - name: ZopDev + url: zop.dev + name: solr + urls: + - https://helm.zop.dev/solr-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.299651+05:30" + description: Helm chart for deploying Apache Solr datastore + digest: ecf9a0838f59fb0b2197c1526bc3e7febe37e5aa3d2158651b4cec9bb51891dc + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png + maintainers: + - name: ZopDev + url: zop.dev + name: solr + urls: + - https://helm.zop.dev/solr-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.299404+05:30" + description: Helm chart for deploying Apache Solr datastore + digest: c6b7165c189a94bb3b35135f6a6a97b59ac3e971f8354544583bbc715e8b5f76 + icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png + maintainers: + - name: ZopDev + url: zop.dev + name: solr + urls: + - https://helm.zop.dev/solr-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.299138+05:30" + description: Helm chart for deploying Apache Solr datastore + digest: 7b179009c3258ab1abb9520aa60281ddffda8220eb3906811a0aa0ffd023f154 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: solr + urls: + - https://helm.zop.dev/solr-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.298956+05:30" + description: Helm chart for deploying Apache Solr datastore + digest: b55472585f9c7272cdd3fcef0ee411c20a2f429f4b9d7d8a0ba7912a840333b8 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: solr + urls: + - https://helm.zop.dev/solr-v0.0.1.tgz + version: v0.0.1 + solr-operator: + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.298773+05:30" + dependencies: + - condition: zookeeper-operator.install + name: zookeeper-operator + repository: https://helm.zop.dev + version: 0.0.1 + description: A Helm chart for Deploying Solr Operator on Kubernetes + digest: 51006b387e93fd34489498bc1dbbf603a603cd7ef5a652f916008f364ed0554f + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250403/a45b7860-5846-4fa9-b68d-6765251210bd-solr.png + maintainers: + - name: ZopDev + url: zop.dev + name: solr-operator + urls: + - https://helm.zop.dev/solr-operator-v0.0.1.tgz + version: v0.0.1 + solrcloud: + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.31792+05:30" + dependencies: + - name: solr-operator + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for deploying Apache SolrCloud datastore + digest: 
0b97b6b708afce897e838fc3d923a4f86179b03cef24fa2ac19635991e7d4d79 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png + maintainers: + - name: ZopDev + url: zop.dev + name: solrcloud + urls: + - https://helm.zop.dev/solrcloud-v0.0.4.tgz + version: v0.0.4 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.312977+05:30" + dependencies: + - name: solr-operator + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for deploying Apache SolrCloud datastore + digest: e5ba371d954bbae5920c3f87919b13d3f2dbbb32cf9226f13667334b02677866 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png + maintainers: + - name: ZopDev + url: zop.dev + name: solrcloud + urls: + - https://helm.zop.dev/solrcloud-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.308944+05:30" + dependencies: + - name: solr-operator + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for deploying Apache SolrCloud datastore + digest: 9953148a67a55560185396ded92b8edfdf2e486ab7b5a449c5235315e19146d6 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png + maintainers: + - name: ZopDev + url: zop.dev + name: solrcloud + urls: + - https://helm.zop.dev/solrcloud-v0.0.2.tgz + version: v0.0.2 + - annotations: + type: datasource + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.304635+05:30" + dependencies: + - name: solr-operator + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for deploying Apache SolrCloud datastore + digest: 51915001d713d70a16464164003e298d84e70dd5280d90c93e8fcd3a9d1a9684 + icon: 
https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250408/cbc1c182-d41b-4b92-9d45-b87b562c2640-solrcloud.png + maintainers: + - name: ZopDev + url: zop.dev + name: solrcloud + urls: + - https://helm.zop.dev/solrcloud-v0.0.1.tgz + version: v0.0.1 + superset: + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.321782+05:30" + dependencies: + - condition: postgres.enabled + name: postgres + repository: https://helm.zop.dev + version: 0.0.6 + - condition: redis.enabled + name: redis + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for Deploying Apache Superset + digest: f122e17973f2399e1f354901fdc28cf7389635ee5bcb2ece8574f268c29e2f28 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png + maintainers: + - name: ZopDev + url: zop.dev + name: superset + type: application + urls: + - https://helm.zop.dev/superset-v0.0.6.tgz + version: v0.0.6 + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.32136+05:30" + dependencies: + - condition: postgres.enabled + name: postgres + repository: https://helm.zop.dev + version: 0.0.2 + - condition: redis.enabled + name: redis + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for Deploying Apache Superset + digest: bb59d5ef14168daec62e90495c3d7d19fafef13a0daf2767008e5720e5a88592 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png + maintainers: + - name: ZopDev + url: zop.dev + name: superset + type: application + urls: + - https://helm.zop.dev/superset-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.32096+05:30" + dependencies: + - condition: postgres.enabled + name: postgres + repository: 
https://helm.zop.dev + version: 0.0.2 + - condition: redis.enabled + name: redis + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for Deploying Apache Superset + digest: efbd1d32df820dcdc5be65be96080b7be86cbebedb9bdb840da6ba59e92167c1 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png + maintainers: + - name: ZopDev + url: zop.dev + name: superset + urls: + - https://helm.zop.dev/superset-v0.0.4.tgz + version: v0.0.4 + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.320419+05:30" + dependencies: + - condition: postgres.enabled + name: postgres + repository: https://helm.zop.dev + version: 0.0.2 + - condition: redis.enabled + name: redis + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for Deploying Apache Superset + digest: 9257924d7e68996c6e1aa2090bbe65396dd1bf4f49ac99e1ec484dd01bbaf6a4 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png + maintainers: + - name: ZopDev + url: zop.dev + name: superset + type: application + urls: + - https://helm.zop.dev/superset-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.319893+05:30" + dependencies: + - condition: postgres.enabled + name: postgres + repository: https://helm.zop.dev + version: 0.0.2 + - condition: redis.enabled + name: redis + repository: https://helm.zop.dev + version: 0.0.1 + description: Helm chart for Deploying Apache Superset + digest: e54ec4b174f43cfc8a8159bfe3c56599a2f9fd9cabfd02db4aac7d4bf1028727 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250226/195c1a30-da2a-4eb4-8394-68fe3fd52523-superset.png + maintainers: + - name: ZopDev + url: zop.dev + name: superset + type: application + urls: + - https://helm.zop.dev/superset-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + 
appVersion: "1.0" + created: "2025-07-18T12:21:03.318884+05:30" + description: Helm chart for Deploying Apache Superset + digest: f2612f4782cc4e971f095ddbb76b3e9631e52b7ba6473e48226d2f769317be56 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: superset + urls: + - https://helm.zop.dev/superset-v0.0.1.tgz + version: v0.0.1 + surrealdb: + - annotations: + type: datasource + apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.322535+05:30" + description: Helm chart for deploying surrealdb + digest: 4e87390d8466c1c3cb37c25a0a59be957d792976bafb3b3a02101927dcf8a3da + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/c44b7326-00d7-4c62-bce7-ca576509d27f-10982346.png + maintainers: + - name: ZopDev + url: zop.dev + name: surrealdb + urls: + - https://helm.zop.dev/surrealdb-v0.0.3.tgz + version: v0.0.3 + - annotations: + type: datasource + apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.322193+05:30" + description: Helm chart for deploying surrealdb + digest: e73e929591f817ffa0a7477fb8b24c7572b667534e14280c107b170bb4b29568 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241122/c44b7326-00d7-4c62-bce7-ca576509d27f-10982346.png + maintainers: + - name: ZopDev + url: zop.dev + name: surrealdb + urls: + - https://helm.zop.dev/surrealdb-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.322019+05:30" + description: Helm chart for deploying surrealdb + digest: 3dc8d5151d6a8b5a96dc3b7aabb8e575e4c5298f0eef30943b44f74f0892bd38 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: surrealdb + urls: + - https://helm.zop.dev/surrealdb-v0.0.1.tgz + version: v0.0.1 + wordpress: + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.325723+05:30" + dependencies: + - name: mysql + repository: https://helm.zop.dev + 
version: 0.0.3 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying WordPress app + digest: d325e0a3fe1eced654c83b0814c810a5c3e4c05915cc57b5db206046e22a0363 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: wordpress + type: application + urls: + - https://helm.zop.dev/wordpress-v0.0.6.tgz + version: v0.0.6 + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.325147+05:30" + dependencies: + - name: mysql + repository: https://helm.zop.dev + version: 0.0.3 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying WordPress app + digest: 286707d27c5f168855ef8f873ca190bdb6a866d6b87c6b20f34e6b8bf2731c7c + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: wordpress + type: application + urls: + - https://helm.zop.dev/wordpress-v0.0.5.tgz + version: v0.0.5 + - annotations: + type: application + apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.324484+05:30" + dependencies: + - name: mysql + repository: https://helm.zop.dev + version: 0.0.3 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying WordPress app + digest: 922121cba473bb566591b3570637a145f5389bee6a5f065f10412dc22d53e81f + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: wordpress + urls: + - https://helm.zop.dev/wordpress-v0.0.4.tgz + version: v0.0.4 + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.324048+05:30" + dependencies: + - name: 
mysql + repository: https://helm.zop.dev + version: 0.0.3 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying WordPress app + digest: de7fa587f5c205ad69e1481227fa4b55f8a98e8801109b720863c6dc39c114f0 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: wordpress + type: application + urls: + - https://helm.zop.dev/wordpress-v0.0.3.tgz + version: v0.0.3 + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.323461+05:30" + dependencies: + - name: mysql + repository: https://helm.zop.dev + version: 0.0.3 + - name: service + repository: https://helm.zop.dev + version: 0.0.17 + description: Helm chart for deploying WordPress app + digest: 7d80651e3bc9260c9f7e7a5b042d1d97f7fda56eb53a072f8f123613e023f156 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20241129/9f2ff083-4ba6-4494-91d4-c6c7c96c8ab0-download.jpeg + maintainers: + - name: ZopDev + url: zop.dev + name: wordpress + type: application + urls: + - https://helm.zop.dev/wordpress-v0.0.2.tgz + version: v0.0.2 + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.322936+05:30" + description: Helm chart for deploying WordPress app + digest: 1b5793a827827be151ebe571fcadec8507a6562da1213c774ca0acba91e91ab2 + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: wordpress + urls: + - https://helm.zop.dev/wordpress-v0.0.1.tgz + version: v0.0.1 + zookeeper: + - apiVersion: v1 + appVersion: "1.0" + created: "2025-07-18T12:21:03.327081+05:30" + description: A Helm chart for Deploying Zookeeper on Kubernetes + digest: 06e4542609434c3c6385b75619e254ada3771e332c025b25c2f074992d5043ca + icon: https://zop.dev/logo.png + maintainers: + - name: ZopDev + url: zop.dev + name: zookeeper + urls: + - https://helm.zop.dev/zookeeper-v0.0.1.tgz + 
version: v0.0.1 + zookeeper-operator: + - apiVersion: v2 + appVersion: "1.0" + created: "2025-07-18T12:21:03.326913+05:30" + description: A Helm chart for Deploying Zookeeper Operator on Kubernetes + digest: 54a824110bc9e4bbf8228f49c601f8d2cfab1ff815037a09ac7e29067f5dd8d1 + icon: https://storage.googleapis.com/zopdev-test-bucket/zop/files/originals/20250407/69625503-f6f1-4521-9c14-1d262ee8683b-zookeeper.png + maintainers: + - name: ZopDev + url: zop.dev + name: zookeeper-operator + urls: + - https://helm.zop.dev/zookeeper-operator-v0.0.1.tgz + version: v0.0.1 +generated: "2025-07-18T12:21:03.259717+05:30" diff --git a/docs/src/css/readme.css b/docs/src/css/readme.css index e244cfcc..1a573fe7 100644 --- a/docs/src/css/readme.css +++ b/docs/src/css/readme.css 
@@ -1,521 +1,521 @@ - -* { - margin: 0; - padding: 0; - box-sizing: border-box; -} - -body { - font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; - background-color: #f8fafc; - line-height: 1.6; - color: #334155; -} -.not-found{ - display: flex; - align-items: center; - justify-content: center; -} - -.navbar { - position: fixed; - top: 0; - left: 0; - right: 0; - background: white; - border-bottom: 1px solid #e2e8f0; - padding: 0 2rem; - z-index: 1000; - height: 64px; - display: flex; - align-items: center; - justify-content: space-between; - box-shadow: 0 1px 3px rgba(0,0,0,0.05); -} - -.logo { - display: flex; - align-items: center; - font-size: 1.25rem; - font-weight: 600; - color: #1e293b; - text-decoration: none; -} - -.logo-icon { - width: 32px; - height: 32px; - background: linear-gradient(135deg, #3b82f6, #06b6d4); - border-radius: 6px; - margin-right: 8px; - display: flex; - align-items: center; - justify-content: center; - color: white; - font-weight: bold; -} - -.nav-links { - display: flex; - align-items: center; - gap: 2rem; -} - -.nav-links a { - text-decoration: none; - color: #64748b; - font-weight: 500; - transition: color 0.2s; -} - -.nav-links a:hover { - color: #1e293b; -} - -.nav-right { - display: flex; - align-items: center; - gap: 1rem; -} - -.playground-btn { - display: flex; - align-items: center; - gap: 0.5rem; - padding: 0.5rem 1rem; - background: #f1f5f9; - border: none; - border-radius: 6px; - color: #475569; - font-weight: 500; - text-decoration: none; - transition: background-color 0.2s; -} - -.playground-btn:hover { - background: #e2e8f0; -} - -.auth-buttons { - display: flex; - gap: 0.5rem; -} - -.btn { - padding: 0.5rem 1rem; - border-radius: 6px; - text-decoration: none; - font-weight: 500; - transition: all 0.2s; -} - -.btn-login { - color: #475569; - background: transparent; -} - -.btn-login:hover { - color: #1e293b; -} - -.btn-signup { - background: #1e293b; - color: 
white; -} - -.btn-signup:hover { - background: #0f172a; -} - -.load { - display: flex; - flex-direction: column; - align-items: center; - justify-content: center; - position: fixed; - top: 0; - left: 0; - height: 100vh; - width: 100%; - gap: 15px; - padding: 20px; - background-color: rgba(255, 255, 255, 0.9); - box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); - z-index: 9999; -} - -.simple-spinner { - border: 6px solid #e0e0e0; - border-top: 6px solid #0D7997; - border-radius: 50%; - width: 50px; - height: 50px; - animation: simple-spin 1s linear infinite; -} - -@keyframes simple-spin { - 0% { transform: rotate(0deg); } - 100% { transform: rotate(360deg); } -} - -.simple-loader-text { - font-size: 1.1em; - color: #555; -} -.code-container { - position: relative; - margin-bottom: 1em; -} -.copy-button { - position: absolute; - top: 4px; - right: 5px; - color: rgb(2, 2, 2); - border: none; - padding: 5px 10px; - border-radius: 3px; - cursor: pointer; - font-size: 0.8em; - opacity: 2; - transition: opacity 0.3s ease-in-out; - background-color: transparent; -} -.cop{ - height: 14px; - width: 13px; -} -.main-content { - margin-top: 64px; - padding: 2rem; - max-width: 1200px; - margin-left: auto; - margin-right: auto; - display: none; - grid-template-columns: 1fr 300px; - gap: 3rem; - align-items: flex-start; -} - -main { - min-width: 0; -} - -.breadcrumb { - margin-bottom: 2rem; - color: #64748b; - display: flex; - align-items: center; - gap: 0.5rem; - font-size: 0.9rem; -} - -.breadcrumb a { - color: #64748b; - text-decoration: none; -} - -.breadcrumb a:hover { - color: #1e293b; -} - -#readme-content { - padding: 1.5rem; - border-radius: 8px; - line-height: 1.7; - color: #475569; - word-wrap: break-word; - overflow-wrap: break-word; -} - -#readme-content h1 { - font-size: 2rem; - color: #1e293b; - font-weight: 600; - margin-bottom: 1.5rem; - padding-top: 0.5rem; - scroll-margin-top: 70px; -} - -#readme-content h2 { - font-size: 1.5rem; - color: #1e293b; - font-weight: 600; - 
margin-top: 2rem; - margin-bottom: 1rem; - padding-top: 0.5rem; - scroll-margin-top: 70px; -} - -#readme-content h3 { - font-size: 1.25rem; - color: #1e293b; - font-weight: 600; - margin-top: 1.5rem; - margin-bottom: 0.75rem; -} - -#readme-content p { - margin-bottom: 1rem; -} - -#readme-content ol, -#readme-content ul { - margin-left: 1.5rem; - margin-bottom: 1rem; -} - -#readme-content li { - margin-bottom: 0.5rem; -} - -#readme-content pre { - background: #f1f5f9; - padding: 1.5rem 1rem 1rem 1rem; - border-radius: 6px; - font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace; - font-size: 0.875rem; - color: #475569; - margin: 1rem 0; - overflow-x: auto; -} - -#readme-content pre code { - display: block; -} - -#readme-content img { - max-width: 100%; - height: auto; - border-radius: 8px; - margin: 1rem 0; - display: block; -} - -#readme-content table { - width: 100%; - border-collapse: collapse; - margin: 1rem 0; - display: block; - overflow-x: auto; -} - -#readme-content th, -#readme-content td { - border: 1px solid #e2e8f0; - padding: 0.75rem; - text-align: left; -} - -#readme-content th { - background-color: #f1f5f9; - font-weight: 600; - color: #1e293b; -} - -.sidebar { - position: sticky; - top: 84px; - height: calc(100vh - 104px); - background: white; - border: 1px solid #e2e8f0; - border-radius: 8px; - padding: 1.5rem; - box-shadow: 0 1px 3px rgba(0,0,0,0.05); - display: flex; - flex-direction: column; -} -.copy-svg{ - background-color: #f1f5f9; - border-radius: 5px; -} -.language-bash{ - padding-right: 10px; -} -@media only screen and (max-width: 767px) { - #sidebar { - display: none; - } - .cop{ - height: 11px; - width: 10px; -} -} -.sidebar-header { - display: flex; - justify-content: space-between; - align-items: center; - margin-bottom: 1rem; - border-bottom: 1px solid #e2e8f0; - padding-bottom: 0.5rem; -} -.sidebar h3 { - font-size: 1rem; - font-weight: 600; - color: #1e293b; - margin-bottom: 0; -} - -.search-button { - background: none; - border: 
none; - cursor: pointer; - color: #64748b; - font-size: 1rem; - transition: color 0.2s; - padding: 0.25rem; - border-radius: 4px; -} - -.search-button:hover { - color: #1e293b; - background-color: #f1f5f9; -} - -.search-container { - margin-bottom: 1rem; - display: none; -} - -.search-container.active { - display: block; -} - -.search-container input { - width: 100%; - padding: 0.75rem 1rem; - border: 1px solid #e2e8f0; - border-radius: 6px; - font-size: 0.9rem; - color: #475569; - outline: none; - transition: border-color 0.2s; -} - -.search-container input:focus { - border-color: #3b82f6; -} - -#sidebar-content { - display: flex; - flex-direction: column; - flex-grow: 1; - overflow-y: auto; - border-radius: 5px; -} - -#sidebar-content a { - text-decoration: none; - color: #64748b; - padding: 0.5rem 0.75rem; - margin-bottom: 0.25rem; - border-radius: 4px; - transition: background-color 0.2s, color 0.2s; - white-space: nowrap; - text-overflow: ellipsis; -} - -#sidebar-content a:hover { - background-color: #f1f5f9; - color: #1e293b; -} - -#sidebar-content a.level-2 { - padding-left: 1.5rem; -} - -#sidebar-content .active { - background-color: #e0f2f7; - color: #0891b2; - font-weight: 600; -} - -.sidebar-show-all { - display: block; - margin-top: 0.5rem; -} - -.chat-button { - position: fixed; - bottom: 2rem; - right: 2rem; - width: 60px; - height: 60px; - background: #0891b2; - border-radius: 50%; - border: none; - color: white; - font-size: 1.5rem; - cursor: pointer; - box-shadow: 0 4px 12px rgba(8, 145, 178, 0.3); - transition: all 0.2s; - z-index: 1000; -} - -.chat-button:hover { - background: #0e7490; - transform: scale(1.05); -} - -@media (max-width: 768px) { - .main-content { - grid-template-columns: 1fr; - padding: 1rem; - gap: 1.5rem; - } - - .navbar { - padding: 0 1rem; - } - - .nav-links { - display: none; - } - - .sidebar { - position: static; - height: auto; - margin-top: 1.5rem; - } -} - -#readme-content { - position: relative; - overflow: hidden; - 
padding: 1.5rem; - border-radius: 8px; - line-height: 1.7; - color: #475569; - word-wrap: break-word; - overflow-wrap: break-word; -} -.img-404{ - content: center; -} -.loading-bar { - position: absolute; - top: 0; - left: 0; - width: 100%; - height: 4px; - background-color: #3b82f6; - transform: translateX(-100%); - animation: loading 1.5s infinite ease-in-out; - z-index: 10; - display: none; -} - -.loading-bar.active { - display: block; -} - -@keyframes loading { - 0% { - transform: translateX(-100%); - } - 50% { - transform: translateX(100%); - } - 100% { - transform: translateX(-100%); - } + +* { + margin: 0; + padding: 0; + box-sizing: border-box; +} + +body { + font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; + background-color: #f8fafc; + line-height: 1.6; + color: #334155; +} +.not-found{ + display: flex; + align-items: center; + justify-content: center; +} + +.navbar { + position: fixed; + top: 0; + left: 0; + right: 0; + background: white; + border-bottom: 1px solid #e2e8f0; + padding: 0 2rem; + z-index: 1000; + height: 64px; + display: flex; + align-items: center; + justify-content: space-between; + box-shadow: 0 1px 3px rgba(0,0,0,0.05); +} + +.logo { + display: flex; + align-items: center; + font-size: 1.25rem; + font-weight: 600; + color: #1e293b; + text-decoration: none; +} + +.logo-icon { + width: 32px; + height: 32px; + background: linear-gradient(135deg, #3b82f6, #06b6d4); + border-radius: 6px; + margin-right: 8px; + display: flex; + align-items: center; + justify-content: center; + color: white; + font-weight: bold; +} + +.nav-links { + display: flex; + align-items: center; + gap: 2rem; +} + +.nav-links a { + text-decoration: none; + color: #64748b; + font-weight: 500; + transition: color 0.2s; +} + +.nav-links a:hover { + color: #1e293b; +} + +.nav-right { + display: flex; + align-items: center; + gap: 1rem; +} + +.playground-btn { + display: flex; + align-items: center; + gap: 0.5rem; + 
padding: 0.5rem 1rem; + background: #f1f5f9; + border: none; + border-radius: 6px; + color: #475569; + font-weight: 500; + text-decoration: none; + transition: background-color 0.2s; +} + +.playground-btn:hover { + background: #e2e8f0; +} + +.auth-buttons { + display: flex; + gap: 0.5rem; +} + +.btn { + padding: 0.5rem 1rem; + border-radius: 6px; + text-decoration: none; + font-weight: 500; + transition: all 0.2s; +} + +.btn-login { + color: #475569; + background: transparent; +} + +.btn-login:hover { + color: #1e293b; +} + +.btn-signup { + background: #1e293b; + color: white; +} + +.btn-signup:hover { + background: #0f172a; +} + +.load { + display: flex; + flex-direction: column; + align-items: center; + justify-content: center; + position: fixed; + top: 0; + left: 0; + height: 100vh; + width: 100%; + gap: 15px; + padding: 20px; + background-color: rgba(255, 255, 255, 0.9); + box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); + z-index: 9999; +} + +.simple-spinner { + border: 6px solid #e0e0e0; + border-top: 6px solid #0D7997; + border-radius: 50%; + width: 50px; + height: 50px; + animation: simple-spin 1s linear infinite; +} + +@keyframes simple-spin { + 0% { transform: rotate(0deg); } + 100% { transform: rotate(360deg); } +} + +.simple-loader-text { + font-size: 1.1em; + color: #555; +} +.code-container { + position: relative; + margin-bottom: 1em; +} +.copy-button { + position: absolute; + top: 4px; + right: 5px; + color: rgb(2, 2, 2); + border: none; + padding: 5px 10px; + border-radius: 3px; + cursor: pointer; + font-size: 0.8em; + opacity: 2; + transition: opacity 0.3s ease-in-out; + background-color: transparent; +} +.cop{ + height: 14px; + width: 13px; +} +.main-content { + margin-top: 64px; + padding: 2rem; + max-width: 1200px; + margin-left: auto; + margin-right: auto; + display: none; + grid-template-columns: 1fr 300px; + gap: 3rem; + align-items: flex-start; +} + +main { + min-width: 0; +} + +.breadcrumb { + margin-bottom: 2rem; + color: #64748b; + display: 
flex; + align-items: center; + gap: 0.5rem; + font-size: 0.9rem; +} + +.breadcrumb a { + color: #64748b; + text-decoration: none; +} + +.breadcrumb a:hover { + color: #1e293b; +} + +#readme-content { + padding: 1.5rem; + border-radius: 8px; + line-height: 1.7; + color: #475569; + word-wrap: break-word; + overflow-wrap: break-word; +} + +#readme-content h1 { + font-size: 2rem; + color: #1e293b; + font-weight: 600; + margin-bottom: 1.5rem; + padding-top: 0.5rem; + scroll-margin-top: 70px; +} + +#readme-content h2 { + font-size: 1.5rem; + color: #1e293b; + font-weight: 600; + margin-top: 2rem; + margin-bottom: 1rem; + padding-top: 0.5rem; + scroll-margin-top: 70px; +} + +#readme-content h3 { + font-size: 1.25rem; + color: #1e293b; + font-weight: 600; + margin-top: 1.5rem; + margin-bottom: 0.75rem; +} + +#readme-content p { + margin-bottom: 1rem; +} + +#readme-content ol, +#readme-content ul { + margin-left: 1.5rem; + margin-bottom: 1rem; +} + +#readme-content li { + margin-bottom: 0.5rem; +} + +#readme-content pre { + background: #f1f5f9; + padding: 1.5rem 1rem 1rem 1rem; + border-radius: 6px; + font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace; + font-size: 0.875rem; + color: #475569; + margin: 1rem 0; + overflow-x: auto; +} + +#readme-content pre code { + display: block; +} + +#readme-content img { + max-width: 100%; + height: auto; + border-radius: 8px; + margin: 1rem 0; + display: block; +} + +#readme-content table { + width: 100%; + border-collapse: collapse; + margin: 1rem 0; + display: block; + overflow-x: auto; +} + +#readme-content th, +#readme-content td { + border: 1px solid #e2e8f0; + padding: 0.75rem; + text-align: left; +} + +#readme-content th { + background-color: #f1f5f9; + font-weight: 600; + color: #1e293b; +} + +.sidebar { + position: sticky; + top: 84px; + height: calc(100vh - 104px); + background: white; + border: 1px solid #e2e8f0; + border-radius: 8px; + padding: 1.5rem; + box-shadow: 0 1px 3px rgba(0,0,0,0.05); + display: flex; + 
flex-direction: column; +} +.copy-svg{ + background-color: #f1f5f9; + border-radius: 5px; +} +.language-bash{ + padding-right: 10px; +} +@media only screen and (max-width: 767px) { + #sidebar { + display: none; + } + .cop{ + height: 11px; + width: 10px; +} +} +.sidebar-header { + display: flex; + justify-content: space-between; + align-items: center; + margin-bottom: 1rem; + border-bottom: 1px solid #e2e8f0; + padding-bottom: 0.5rem; +} +.sidebar h3 { + font-size: 1rem; + font-weight: 600; + color: #1e293b; + margin-bottom: 0; +} + +.search-button { + background: none; + border: none; + cursor: pointer; + color: #64748b; + font-size: 1rem; + transition: color 0.2s; + padding: 0.25rem; + border-radius: 4px; +} + +.search-button:hover { + color: #1e293b; + background-color: #f1f5f9; +} + +.search-container { + margin-bottom: 1rem; + display: none; +} + +.search-container.active { + display: block; +} + +.search-container input { + width: 100%; + padding: 0.75rem 1rem; + border: 1px solid #e2e8f0; + border-radius: 6px; + font-size: 0.9rem; + color: #475569; + outline: none; + transition: border-color 0.2s; +} + +.search-container input:focus { + border-color: #3b82f6; +} + +#sidebar-content { + display: flex; + flex-direction: column; + flex-grow: 1; + overflow-y: auto; + border-radius: 5px; +} + +#sidebar-content a { + text-decoration: none; + color: #64748b; + padding: 0.5rem 0.75rem; + margin-bottom: 0.25rem; + border-radius: 4px; + transition: background-color 0.2s, color 0.2s; + white-space: nowrap; + text-overflow: ellipsis; +} + +#sidebar-content a:hover { + background-color: #f1f5f9; + color: #1e293b; +} + +#sidebar-content a.level-2 { + padding-left: 1.5rem; +} + +#sidebar-content .active { + background-color: #e0f2f7; + color: #0891b2; + font-weight: 600; +} + +.sidebar-show-all { + display: block; + margin-top: 0.5rem; +} + +.chat-button { + position: fixed; + bottom: 2rem; + right: 2rem; + width: 60px; + height: 60px; + background: #0891b2; + 
border-radius: 50%; + border: none; + color: white; + font-size: 1.5rem; + cursor: pointer; + box-shadow: 0 4px 12px rgba(8, 145, 178, 0.3); + transition: all 0.2s; + z-index: 1000; +} + +.chat-button:hover { + background: #0e7490; + transform: scale(1.05); +} + +@media (max-width: 768px) { + .main-content { + grid-template-columns: 1fr; + padding: 1rem; + gap: 1.5rem; + } + + .navbar { + padding: 0 1rem; + } + + .nav-links { + display: none; + } + + .sidebar { + position: static; + height: auto; + margin-top: 1.5rem; + } +} + +#readme-content { + position: relative; + overflow: hidden; + padding: 1.5rem; + border-radius: 8px; + line-height: 1.7; + color: #475569; + word-wrap: break-word; + overflow-wrap: break-word; +} +.img-404{ + content: center; +} +.loading-bar { + position: absolute; + top: 0; + left: 0; + width: 100%; + height: 4px; + background-color: #3b82f6; + transform: translateX(-100%); + animation: loading 1.5s infinite ease-in-out; + z-index: 10; + display: none; +} + +.loading-bar.active { + display: block; +} + +@keyframes loading { + 0% { + transform: translateX(-100%); + } + 50% { + transform: translateX(100%); + } + 100% { + transform: translateX(-100%); + } } \ No newline at end of file
diff --git a/docs/src/css/style.css b/docs/src/css/style.css
index 929fe788..4533d47f 100644
--- a/docs/src/css/style.css
+++ b/docs/src/css/style.css
@@ -1,940 +1,940 @@ -* { - margin: 0; - padding: 0; - box-sizing: border-box; -} - - -html { - font-size: 16px; - scroll-behavior: smooth; -} - - -body { - font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", - "Helvetica Neue", sans-serif; - background-color: #ffffff; - color: #333; - line-height: 1.6; -} - - -.skip-link { - position: absolute; - top: -40px; - left: 6px; - background: #000; - color: #fff; - padding: 0.5rem 1rem; - text-decoration: none; - border-radius: 0.25rem; - z-index: 1000; - font-weight: 600; -} - - -.skip-link:focus { - top: 6px; -} - - -.sr-only { - position: absolute; - width: 1px; - height: 1px; - padding: 0; - margin: -1px; - overflow: hidden; - clip: rect(0, 0, 0, 0); - white-space: nowrap; - border: 0; -} - - -*:focus { - outline-offset: 2px; -} - -button:focus, -a:focus, -input:focus, -select:focus, -textarea:focus { - outline-offset: 2px; -} - -@media (max-width: 600px) { - .button-container { - flex-direction: column; - align-items: stretch; - gap: 0.5rem; - } - - .github-button { - align-self: flex-end; - } - - .base-button, - .github-button { - width: 100%; - justify-content: center; - font-size: 14px; - padding: 10px; - height: auto; - } - - .github-button img { - width: 18px; - height: 18px; - margin-right: 6px; - } -} - -.contributor-button-modifier:hover { - background-color: #118cae; -} - - -.container { - max-width: 1200px; - margin: 0 auto; - padding: 0 1.25rem; -} - - -.hero-image { - flex: 1; - max-width: 234px; - display: flex; - justify-content: center; -} - - -.hero-content { - flex: 1; - max-width: 37.5rem; -} - - -.hero { - padding: 5rem 0; - background: linear-gradient(135deg, #f8fafc 0%, #ffffff 100%); - padding-left: 150px; - padding-right: 150px; -} - - -.hero .container { - display: flex; - align-items: center; - justify-content: space-between; - gap: 3.75rem; -} - - -.hero-content h1 { - font-size: 2.625rem; - font-weight: 500; - margin-bottom: 1.25rem; - 
line-height: 1.2; - color: #1a1a1a; -} - - -.hero-content p { - font-size: 1.125rem; - color: #555; - line-height: 1.7; -} - - -img { - max-width: 100%; - height: auto; - display: block; -} - - -.integrations { - padding: 2.5rem 0 5rem; -} - - -.integrations h2 { - font-size: 1.75rem; - font-weight: 300; - margin-bottom: -0.125rem; - color: #1a1a1a; -} - - -.search-container { - margin-bottom: 1.875rem; - position: relative; -} - -.contri-link{ - text-decoration: none; -} - -#search-integrations { - width: 100%; - padding: 0.75rem 1.25rem; - border: 1px solid #e0e0e0; - border-radius: 0.5rem; - font-size: 1rem; - transition: all 0.2s ease; - cursor: pointer; -} - - -#search-integrations:focus { - box-shadow: 0 0 0 3px rgba(0, 102, 204, 0.1); -} - - -#search-integrations::placeholder { - color: #999; -} - - -.tabs { - margin-top: 1.25rem; -} - - -.tab-buttons { - display: flex; - margin-bottom: 1.875rem; - border-bottom: 1px solid #e0e0e0; -} - - -.tab-btn { - background: none; - border: none; - padding: 0.75rem 1.25rem; - font-size: 1rem; - font-weight: 500; - color: #555; - cursor: pointer; - position: relative; - transition: all 0.2s ease; -} - - -.tab-btn:hover { - color: #1a1a1a; - background-color: #f8fafc; -} - - -.tab-btn[aria-selected="true"] { - color: #1a1a1a; -} - - -.tab-btn[aria-selected="true"]::after { - content: ""; - position: absolute; - bottom: -1px; - left: 0; - width: 100%; - height: 2px; - background-color: #8EC0E0; -} - - -.tab-content { - display: flex; -} - - -.tab-pane { - display: none; - width: 100%; -} - - -.tab-pane.active { - display: flex; - flex-direction: row; - gap: 1.875rem; - align-items: flex-start; -} - - - - - - -.categories-sidebar { - margin-top: 73px; - width: 12.5rem; - flex-shrink: 0; - position: sticky; - top: 2rem; - height: fit-content; - background: #fff; - border-radius: 0.5rem; - padding: 1rem; - box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1); - z-index: 10; -} - - -.categories-sidebar ul { - list-style: none; -} - - 
-.categories-sidebar li { - margin-bottom: 0.5rem; -} - - -.category-btn { - width: 100%; - text-align: left; - background: none; - border: none; - padding: 0.75rem 1rem; - font-size: 1rem; - color: #555; - cursor: pointer; - border-radius: 0.5rem; - transition: all 0.2s ease; -} - - -.category-btn:hover, -.category-btn:focus { - background-color: #f8fafc; - color: #1a1a1a; -} - - -.category-btn[aria-pressed="true"], -.category-btn.active { - background-color: #f0f8ff; -} - - -.integration-sections { - flex: 1; -} - - -.category-section { - margin-bottom: 3rem; - scroll-margin-top: 2rem; -} - - -.category-title { - font-size: 1.2rem; - font-weight: 300; - color: #1a1a1a; - margin-bottom: 1.5rem; - padding-bottom: 0.5rem; - border-bottom: 2px solid #e0e0e0; -} - - -.integration-cards { - display: grid; - grid-template-columns: repeat(1, 1fr); - gap: 1.25rem; -} - - -.integration-card { - border: 1px solid #e0e0e0; - border-radius: 0.75rem; - padding: 1.5rem; - transition: all 0.3s ease; - background: #fff; - cursor: pointer; - position: relative; - height: 180px; -} - -.integration-card-link { - text-decoration: none; -} - -.integration-card-header { - display: flex; - align-items: center; - margin-bottom: 1rem; -} - -.integration-card-icon { - width: 2.5rem; - height: 2.5rem; - margin-right: 1rem; - border-radius: 0.5rem; - object-fit: contain; -} - -.integration-card-title { - font-size: 1.125rem; - font-weight: 350; - color: #1a1a1a; -} - - -.integration-card-description { - font-size: 0.875rem; - color: #555; - line-height: 1.5; - overflow: hidden; - text-overflow: ellipsis; - display: -webkit-box; - -webkit-line-clamp: 2; - -webkit-box-orient: vertical; -} - - - -.integration-card:hover { - border-color: rgba(163, 163, 163); -} - - -.integration-card:focus-within { - box-shadow: 0 0 0 3px rgba(0, 102, 204, 0.1); - border-color: #8EC0E0; -} - - -.integration-card-category { - position: absolute; - top: 0.75rem; - right: 0.75rem; - background: #f0f8ff; - color: 
#8EC0E0; - padding: 0.25rem 0.5rem; - border-radius: 0.25rem; - font-size: 0.75rem; - font-weight: 500; -} - - -.no-results { - text-align: center; - padding: 3rem 1rem; - color: #666; -} - - -.no-results h3 { - font-size: 1.25rem; - margin-bottom: 0.5rem; -} - - -.faq-section { - padding: 3rem 0; - background-color: #f8fafc; -} - - -.faq-section h2 { - font-size: 1.75rem; - font-weight: 700; - margin-bottom: 2rem; - color: #1a1a1a; - text-align: center; -} - - -.faq-container { - max-width: 800px; - margin: 0 auto; -} - - -.faq-item { - background: #fff; - border-radius: 0.5rem; - margin-bottom: 1rem; - box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1); - overflow: hidden; -} - - -.faq-question { - width: 100%; - text-align: left; - background: none; - border: none; - padding: 1.5rem; - font-size: 1.125rem; - font-weight: 600; - color: #1a1a1a; - cursor: pointer; - display: flex; - justify-content: space-between; - align-items: center; - transition: background-color 0.2s ease; -} - - -.faq-question:hover { - background-color: #f8fafc; -} - - -.faq-question[aria-expanded="true"] { - background-color: #f0f8ff; -} - - -.faq-icon { - font-size: 1.5rem; - transition: transform 0.2s ease; -} - - -.faq-question[aria-expanded="true"] .faq-icon { - transform: rotate(45deg); -} - - -.faq-answer { - padding: 0.5rem 1rem 0.5rem 1rem; - color: #555; - line-height: 1.6; - display: none; -} - - -.faq-answer.active { - display: block; - animation: fadeIn 0.3s ease; -} - - -@keyframes fadeIn { - from { - opacity: 0; - transform: translateY(-10px); - } - to { - opacity: 1; - transform: translateY(0); - } -} - - -.search-overlay { - position: fixed; - top: 0; - left: 0; - width: 100%; - height: 100%; - background: rgba(0, 0, 0, 0.8); - z-index: 1000; - display: none; - align-items: flex-start; - justify-content: center; - padding-top: 10vh; -} - - -.search-overlay.active { - display: flex; -} - - -.search-overlay-content { - background: #fff; - border-radius: 0.75rem; - width: 90%; - 
max-width: 600px; - max-height: 80vh; - overflow: hidden; - box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3); -} - - -.search-overlay-header { - display: flex; - align-items: center; - padding: 1rem; - border-bottom: 1px solid #e0e0e0; -} - - -#search-overlay-input { - flex: 1; - border: none; - font-size: 1.125rem; - padding: 0.5rem; - outline: none; -} - - -.search-overlay-close { - background: none; - border: none; - font-size: 1.5rem; - cursor: pointer; - padding: 0.5rem; - color: #666; - border-radius: 0.25rem; -} - - -.search-overlay-close:hover { - background-color: #f5f5f5; -} - - -.search-suggestions { - max-height: 400px; - overflow-y: auto; -} - - -.search-suggestion { - display: flex; - align-items: center; - padding: 1rem; - cursor: pointer; - border-bottom: 1px solid #f0f0f0; - transition: background-color 0.2s ease; -} - - -.search-suggestion:hover, -.search-suggestion:focus { - background-color: #f8fafc; -} - - -.search-suggestion:last-child { - border-bottom: none; -} - - -.search-suggestion-icon { - width: 2rem; - height: 2rem; - margin-right: 1rem; - border-radius: 0.25rem; - object-fit: contain; -} - - -.search-suggestion-content { - flex: 1; -} - - -.search-suggestion-title { - font-weight: 600; - color: #1a1a1a; - margin-bottom: 0.25rem; -} - - -.search-suggestion-description { - font-size: 0.875rem; - color: #666; -} - - -.search-suggestion-category { - background: #f0f8ff; - color: #8EC0E0; - padding: 0.25rem 0.5rem; - border-radius: 0.25rem; - font-size: 0.75rem; - font-weight: 500; -} - - -.no-suggestions { - padding: 2rem; - text-align: center; - color: #666; -} - - -@media (min-width: 768px) { - .integration-cards { - grid-template-columns: repeat(2, 1fr); - } -} - - -@media (min-width: 1024px) { - .integration-cards { - grid-template-columns: repeat(3, 1fr); - } -} - - -@media (max-width: 969px) { - .hero { - padding-left: 0; - padding-right: 0; - } -} - - -@media (max-width: 768px) { - .container { - padding: 0 1rem; - } - - - 
.categories-sidebar{ - margin-top: 0px; - } - - - .hero .container { - flex-direction: column; - text-align: center; - gap: 2rem; - } - - - .hero-content { - padding-right: 0; - } - - - .hero-content h1 { - font-size: 2rem; - } - - - .hero-content p { - font-size: 1rem; - } - - - .tab-pane.active { - flex-direction: column; - gap: 1rem; - } - - - .categories-sidebar { - width: 100%; - position: static; - padding: 0.5rem; - box-shadow: none; - border: 1px solid #e0e0e0; - } - - - .categories-sidebar ul { - display: flex; - flex-wrap: wrap; - gap: 0.5rem; - } - - - .categories-sidebar li { - margin-bottom: 0; - } - - - .category-btn { - width: auto; - padding: 0.5rem 1rem; - white-space: nowrap; - } - - - .search-overlay-content { - width: 95%; - margin: 0 auto; - } -} - - -@media (max-width: 480px) { - .hero-content h1 { - font-size: 1.75rem; - } - - - .integration-card { - padding: 1rem; - } - - - .tab-btn { - padding: 0.5rem 0.75rem; - font-size: 0.875rem; - } - - - .search-overlay { - padding-top: 5vh; - } -} - - - -.button-container { - display: flex; - align-items: center; - gap: 1rem; - font-family: Arial, sans-serif; - flex-wrap: wrap; -} - -.base-button { - display: flex; - align-items: center; - background-color: white; - border: 1px solid #E0E0E0; - padding: 10px 15px; - border-radius: 12px; - color: #374151; - font-size: 16px; - text-decoration: none; - height: 48px; - transition: border 0.3s; - cursor: pointer; -} - -.base-button:hover { - border-color: #A3A3A3; - color: #111827; -} - -.github-button { - display: flex; - align-items: center; - background-color: #ffffff; - border: 1px solid #E0E0E0; - padding: 22px 13px; - border-radius: 12px; - color: #374151; - font-size: 16px; - text-decoration: none; - height: 48px; - transition: border 0.3s; - cursor: pointer; -} - -.github-button:hover { - border-color: #A3A3A3; - color: #111827; -} - -.github-button img { - width: 20px; - height: 20px; - margin-right: 8px; -} - - - - -@media (prefers-contrast: 
high) { - .integration-card { - border-width: 2px; - } - - - .tab-btn[aria-selected="true"]::after { - height: 3px; - } -} - - -@media (prefers-reduced-motion: reduce) { - * { - animation-duration: 0.01ms !important; - animation-iteration-count: 1 !important; - transition-duration: 0.01ms !important; - } - - - html { - scroll-behavior: auto; - } -} - - -.integrations-header { - display: flex; - align-items: center; - justify-content: space-between; - padding: 1.25rem 0; -} - - -.integrations-header span { - /* margin-left: 20px; */ - /* background-color: white; */ -} - -.github-modifier { - display: inline-block; - border: 1px solid black; - border-radius: 12px; - width: 100%; - padding-top: 0.5rem; - padding-buttom: 0.5rem; - text-align: center; - box-sizing: border-box; - font-size: 1rem; - color: black; - cursor: pointer; - outline: none; - text-decoration: none; - transition: background-color 0.3s ease; -} - -.contributor-button-modifier { - display: inline-block; - background-color: #0C7996; - border-radius: 12px; - padding: 1rem; - width: 100%; - text-align: left; - padding: 0.75rem 1rem; - box-sizing: border-box; - font-size: 1rem; - color: white; - cursor: pointer; - outline: none; - text-decoration: none; - text-align: center; - transition: background-color 0.3s ease; -} - -.contri-button { - display: flex; - align-items: center; - gap: 0.75rem; - /* padding: 1rem; */ -} - -@media print { - .skip-link, - .search-container, - .tab-buttons, - .search-overlay { - display: none; - } - - - .integration-card { - break-inside: avoid; - box-shadow: none; - border: 1px solid #000; - min-height: 180px; - } +* { + margin: 0; + padding: 0; + box-sizing: border-box; +} + + +html { + font-size: 16px; + scroll-behavior: smooth; +} + + +body { + font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", + "Helvetica Neue", sans-serif; + background-color: #ffffff; + color: #333; + line-height: 1.6; +} + + +.skip-link { + 
position: absolute; + top: -40px; + left: 6px; + background: #000; + color: #fff; + padding: 0.5rem 1rem; + text-decoration: none; + border-radius: 0.25rem; + z-index: 1000; + font-weight: 600; +} + + +.skip-link:focus { + top: 6px; +} + + +.sr-only { + position: absolute; + width: 1px; + height: 1px; + padding: 0; + margin: -1px; + overflow: hidden; + clip: rect(0, 0, 0, 0); + white-space: nowrap; + border: 0; +} + + +*:focus { + outline-offset: 2px; +} + +button:focus, +a:focus, +input:focus, +select:focus, +textarea:focus { + outline-offset: 2px; +} + +@media (max-width: 600px) { + .button-container { + flex-direction: column; + align-items: stretch; + gap: 0.5rem; + } + + .github-button { + align-self: flex-end; + } + + .base-button, + .github-button { + width: 100%; + justify-content: center; + font-size: 14px; + padding: 10px; + height: auto; + } + + .github-button img { + width: 18px; + height: 18px; + margin-right: 6px; + } +} + +.contributor-button-modifier:hover { + background-color: #118cae; +} + + +.container { + max-width: 1200px; + margin: 0 auto; + padding: 0 1.25rem; +} + + +.hero-image { + flex: 1; + max-width: 234px; + display: flex; + justify-content: center; +} + + +.hero-content { + flex: 1; + max-width: 37.5rem; +} + + +.hero { + padding: 5rem 0; + background: linear-gradient(135deg, #f8fafc 0%, #ffffff 100%); + padding-left: 150px; + padding-right: 150px; +} + + +.hero .container { + display: flex; + align-items: center; + justify-content: space-between; + gap: 3.75rem; +} + + +.hero-content h1 { + font-size: 2.625rem; + font-weight: 500; + margin-bottom: 1.25rem; + line-height: 1.2; + color: #1a1a1a; +} + + +.hero-content p { + font-size: 1.125rem; + color: #555; + line-height: 1.7; +} + + +img { + max-width: 100%; + height: auto; + display: block; +} + + +.integrations { + padding: 2.5rem 0 5rem; +} + + +.integrations h2 { + font-size: 1.75rem; + font-weight: 300; + margin-bottom: -0.125rem; + color: #1a1a1a; +} + + +.search-container { + 
margin-bottom: 1.875rem; + position: relative; +} + +.contri-link{ + text-decoration: none; +} + +#search-integrations { + width: 100%; + padding: 0.75rem 1.25rem; + border: 1px solid #e0e0e0; + border-radius: 0.5rem; + font-size: 1rem; + transition: all 0.2s ease; + cursor: pointer; +} + + +#search-integrations:focus { + box-shadow: 0 0 0 3px rgba(0, 102, 204, 0.1); +} + + +#search-integrations::placeholder { + color: #999; +} + + +.tabs { + margin-top: 1.25rem; +} + + +.tab-buttons { + display: flex; + margin-bottom: 1.875rem; + border-bottom: 1px solid #e0e0e0; +} + + +.tab-btn { + background: none; + border: none; + padding: 0.75rem 1.25rem; + font-size: 1rem; + font-weight: 500; + color: #555; + cursor: pointer; + position: relative; + transition: all 0.2s ease; +} + + +.tab-btn:hover { + color: #1a1a1a; + background-color: #f8fafc; +} + + +.tab-btn[aria-selected="true"] { + color: #1a1a1a; +} + + +.tab-btn[aria-selected="true"]::after { + content: ""; + position: absolute; + bottom: -1px; + left: 0; + width: 100%; + height: 2px; + background-color: #8EC0E0; +} + + +.tab-content { + display: flex; +} + + +.tab-pane { + display: none; + width: 100%; +} + + +.tab-pane.active { + display: flex; + flex-direction: row; + gap: 1.875rem; + align-items: flex-start; +} + + + + + + +.categories-sidebar { + margin-top: 73px; + width: 12.5rem; + flex-shrink: 0; + position: sticky; + top: 2rem; + height: fit-content; + background: #fff; + border-radius: 0.5rem; + padding: 1rem; + box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1); + z-index: 10; +} + + +.categories-sidebar ul { + list-style: none; +} + + +.categories-sidebar li { + margin-bottom: 0.5rem; +} + + +.category-btn { + width: 100%; + text-align: left; + background: none; + border: none; + padding: 0.75rem 1rem; + font-size: 1rem; + color: #555; + cursor: pointer; + border-radius: 0.5rem; + transition: all 0.2s ease; +} + + +.category-btn:hover, +.category-btn:focus { + background-color: #f8fafc; + color: #1a1a1a; +} + + 
+.category-btn[aria-pressed="true"], +.category-btn.active { + background-color: #f0f8ff; +} + + +.integration-sections { + flex: 1; +} + + +.category-section { + margin-bottom: 3rem; + scroll-margin-top: 2rem; +} + + +.category-title { + font-size: 1.2rem; + font-weight: 300; + color: #1a1a1a; + margin-bottom: 1.5rem; + padding-bottom: 0.5rem; + border-bottom: 2px solid #e0e0e0; +} + + +.integration-cards { + display: grid; + grid-template-columns: repeat(1, 1fr); + gap: 1.25rem; +} + + +.integration-card { + border: 1px solid #e0e0e0; + border-radius: 0.75rem; + padding: 1.5rem; + transition: all 0.3s ease; + background: #fff; + cursor: pointer; + position: relative; + height: 180px; +} + +.integration-card-link { + text-decoration: none; +} + +.integration-card-header { + display: flex; + align-items: center; + margin-bottom: 1rem; +} + +.integration-card-icon { + width: 2.5rem; + height: 2.5rem; + margin-right: 1rem; + border-radius: 0.5rem; + object-fit: contain; +} + +.integration-card-title { + font-size: 1.125rem; + font-weight: 350; + color: #1a1a1a; +} + + +.integration-card-description { + font-size: 0.875rem; + color: #555; + line-height: 1.5; + overflow: hidden; + text-overflow: ellipsis; + display: -webkit-box; + -webkit-line-clamp: 2; + -webkit-box-orient: vertical; +} + + + +.integration-card:hover { + border-color: rgba(163, 163, 163); +} + + +.integration-card:focus-within { + box-shadow: 0 0 0 3px rgba(0, 102, 204, 0.1); + border-color: #8EC0E0; +} + + +.integration-card-category { + position: absolute; + top: 0.75rem; + right: 0.75rem; + background: #f0f8ff; + color: #8EC0E0; + padding: 0.25rem 0.5rem; + border-radius: 0.25rem; + font-size: 0.75rem; + font-weight: 500; +} + + +.no-results { + text-align: center; + padding: 3rem 1rem; + color: #666; +} + + +.no-results h3 { + font-size: 1.25rem; + margin-bottom: 0.5rem; +} + + +.faq-section { + padding: 3rem 0; + background-color: #f8fafc; +} + + +.faq-section h2 { + font-size: 1.75rem; + 
font-weight: 700; + margin-bottom: 2rem; + color: #1a1a1a; + text-align: center; +} + + +.faq-container { + max-width: 800px; + margin: 0 auto; +} + + +.faq-item { + background: #fff; + border-radius: 0.5rem; + margin-bottom: 1rem; + box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1); + overflow: hidden; +} + + +.faq-question { + width: 100%; + text-align: left; + background: none; + border: none; + padding: 1.5rem; + font-size: 1.125rem; + font-weight: 600; + color: #1a1a1a; + cursor: pointer; + display: flex; + justify-content: space-between; + align-items: center; + transition: background-color 0.2s ease; +} + + +.faq-question:hover { + background-color: #f8fafc; +} + + +.faq-question[aria-expanded="true"] { + background-color: #f0f8ff; +} + + +.faq-icon { + font-size: 1.5rem; + transition: transform 0.2s ease; +} + + +.faq-question[aria-expanded="true"] .faq-icon { + transform: rotate(45deg); +} + + +.faq-answer { + padding: 0.5rem 1rem 0.5rem 1rem; + color: #555; + line-height: 1.6; + display: none; +} + + +.faq-answer.active { + display: block; + animation: fadeIn 0.3s ease; +} + + +@keyframes fadeIn { + from { + opacity: 0; + transform: translateY(-10px); + } + to { + opacity: 1; + transform: translateY(0); + } +} + + +.search-overlay { + position: fixed; + top: 0; + left: 0; + width: 100%; + height: 100%; + background: rgba(0, 0, 0, 0.8); + z-index: 1000; + display: none; + align-items: flex-start; + justify-content: center; + padding-top: 10vh; +} + + +.search-overlay.active { + display: flex; +} + + +.search-overlay-content { + background: #fff; + border-radius: 0.75rem; + width: 90%; + max-width: 600px; + max-height: 80vh; + overflow: hidden; + box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3); +} + + +.search-overlay-header { + display: flex; + align-items: center; + padding: 1rem; + border-bottom: 1px solid #e0e0e0; +} + + +#search-overlay-input { + flex: 1; + border: none; + font-size: 1.125rem; + padding: 0.5rem; + outline: none; +} + + +.search-overlay-close { + 
background: none; + border: none; + font-size: 1.5rem; + cursor: pointer; + padding: 0.5rem; + color: #666; + border-radius: 0.25rem; +} + + +.search-overlay-close:hover { + background-color: #f5f5f5; +} + + +.search-suggestions { + max-height: 400px; + overflow-y: auto; +} + + +.search-suggestion { + display: flex; + align-items: center; + padding: 1rem; + cursor: pointer; + border-bottom: 1px solid #f0f0f0; + transition: background-color 0.2s ease; +} + + +.search-suggestion:hover, +.search-suggestion:focus { + background-color: #f8fafc; +} + + +.search-suggestion:last-child { + border-bottom: none; +} + + +.search-suggestion-icon { + width: 2rem; + height: 2rem; + margin-right: 1rem; + border-radius: 0.25rem; + object-fit: contain; +} + + +.search-suggestion-content { + flex: 1; +} + + +.search-suggestion-title { + font-weight: 600; + color: #1a1a1a; + margin-bottom: 0.25rem; +} + + +.search-suggestion-description { + font-size: 0.875rem; + color: #666; +} + + +.search-suggestion-category { + background: #f0f8ff; + color: #8EC0E0; + padding: 0.25rem 0.5rem; + border-radius: 0.25rem; + font-size: 0.75rem; + font-weight: 500; +} + + +.no-suggestions { + padding: 2rem; + text-align: center; + color: #666; +} + + +@media (min-width: 768px) { + .integration-cards { + grid-template-columns: repeat(2, 1fr); + } +} + + +@media (min-width: 1024px) { + .integration-cards { + grid-template-columns: repeat(3, 1fr); + } +} + + +@media (max-width: 969px) { + .hero { + padding-left: 0; + padding-right: 0; + } +} + + +@media (max-width: 768px) { + .container { + padding: 0 1rem; + } + + + .categories-sidebar{ + margin-top: 0px; + } + + + .hero .container { + flex-direction: column; + text-align: center; + gap: 2rem; + } + + + .hero-content { + padding-right: 0; + } + + + .hero-content h1 { + font-size: 2rem; + } + + + .hero-content p { + font-size: 1rem; + } + + + .tab-pane.active { + flex-direction: column; + gap: 1rem; + } + + + .categories-sidebar { + width: 100%; + 
position: static; + padding: 0.5rem; + box-shadow: none; + border: 1px solid #e0e0e0; + } + + + .categories-sidebar ul { + display: flex; + flex-wrap: wrap; + gap: 0.5rem; + } + + + .categories-sidebar li { + margin-bottom: 0; + } + + + .category-btn { + width: auto; + padding: 0.5rem 1rem; + white-space: nowrap; + } + + + .search-overlay-content { + width: 95%; + margin: 0 auto; + } +} + + +@media (max-width: 480px) { + .hero-content h1 { + font-size: 1.75rem; + } + + + .integration-card { + padding: 1rem; + } + + + .tab-btn { + padding: 0.5rem 0.75rem; + font-size: 0.875rem; + } + + + .search-overlay { + padding-top: 5vh; + } +} + + + +.button-container { + display: flex; + align-items: center; + gap: 1rem; + font-family: Arial, sans-serif; + flex-wrap: wrap; +} + +.base-button { + display: flex; + align-items: center; + background-color: white; + border: 1px solid #E0E0E0; + padding: 10px 15px; + border-radius: 12px; + color: #374151; + font-size: 16px; + text-decoration: none; + height: 48px; + transition: border 0.3s; + cursor: pointer; +} + +.base-button:hover { + border-color: #A3A3A3; + color: #111827; +} + +.github-button { + display: flex; + align-items: center; + background-color: #ffffff; + border: 1px solid #E0E0E0; + padding: 22px 13px; + border-radius: 12px; + color: #374151; + font-size: 16px; + text-decoration: none; + height: 48px; + transition: border 0.3s; + cursor: pointer; +} + +.github-button:hover { + border-color: #A3A3A3; + color: #111827; +} + +.github-button img { + width: 20px; + height: 20px; + margin-right: 8px; +} + + + + +@media (prefers-contrast: high) { + .integration-card { + border-width: 2px; + } + + + .tab-btn[aria-selected="true"]::after { + height: 3px; + } +} + + +@media (prefers-reduced-motion: reduce) { + * { + animation-duration: 0.01ms !important; + animation-iteration-count: 1 !important; + transition-duration: 0.01ms !important; + } + + + html { + scroll-behavior: auto; + } +} + + +.integrations-header { + display: 
flex; + align-items: center; + justify-content: space-between; + padding: 1.25rem 0; +} + + +.integrations-header span { + /* margin-left: 20px; */ + /* background-color: white; */ +} + +.github-modifier { + display: inline-block; + border: 1px solid black; + border-radius: 12px; + width: 100%; + padding-top: 0.5rem; + padding-buttom: 0.5rem; + text-align: center; + box-sizing: border-box; + font-size: 1rem; + color: black; + cursor: pointer; + outline: none; + text-decoration: none; + transition: background-color 0.3s ease; +} + +.contributor-button-modifier { + display: inline-block; + background-color: #0C7996; + border-radius: 12px; + padding: 1rem; + width: 100%; + text-align: left; + padding: 0.75rem 1rem; + box-sizing: border-box; + font-size: 1rem; + color: white; + cursor: pointer; + outline: none; + text-decoration: none; + text-align: center; + transition: background-color 0.3s ease; +} + +.contri-button { + display: flex; + align-items: center; + gap: 0.75rem; + /* padding: 1rem; */ +} + +@media print { + .skip-link, + .search-container, + .tab-buttons, + .search-overlay { + display: none; + } + + + .integration-card { + break-inside: avoid; + box-shadow: none; + border: 1px solid #000; + min-height: 180px; + } } \ No newline at end of file diff --git a/docs/src/js/config.js b/docs/src/js/config.js index 91c96db8..d22865ca 100644 --- a/docs/src/js/config.js +++ b/docs/src/js/config.js 
@@ -1,143 +1,143 @@
-const integrationsData = {
- categories: {
- Applications: [
- {
- id: "wordpress",
- name: "WordPress",
- icon: "https://framerusercontent.com/images/1tMwCNL8nyVYanLeO1YXCmyD8.svg",
- description: "A content management system (CMS) written in PHP",
- category: "Applications",
- },
- {
- id: "jupyterhub",
- name: "Jupyterhub",
- icon: "https://framerusercontent.com/images/hgWz13blJI6voMJlnl8LpCs7Cjs.svg",
- description: "JupyterLab Is A Next-Generation Notebook Interface",
- category: "Applications",
- },
- {
- id: "superset",
- name: "Superset",
- icon: "https://framerusercontent.com/images/j2PaA4EyjB3z8Te54CPtEl9G4pg.svg",
- description: "Data Visualization and Data Exploration | Looker, Tableau alternative",
- category: "Applications",
- },
- {
- id: "outline",
- name: "Outline",
- icon: "https://framerusercontent.com/images/me3PE9f0sDhtHyIisE955ABYK3c.svg",
- description: "Beautiful, realtime collaborative, feature packed, and markdown compatible.",
- category: "Applications",
- },
- ],
- Datastore: [
- {
- id: "mysql",
- name: "MySQL",
- icon: "https://framerusercontent.com/images/o9NXlQW93tQQ6v3jTjDOcwxCMaU.svg",
- description: "Deploy a MySQL database service",
- category: "Datastore",
- },
- {
- id: "redis",
- name: "Redis",
- icon: "https://framerusercontent.com/images/8MWCYgdUmGTAMwJBrF8PdkFbfnI.svg",
- description: "Redis key-value data store",
- category: "Datastore",
- },
- {
- id: "cassandra",
- name: "Cassandra",
- icon: "https://framerusercontent.com/images/hyQRAJJoXaCLvlAd8IqafkKPitE.svg",
- description: "Storing and managing large volumes of structured, semi-structured, and unstructured data.",
- category: "Datastore",
- },
- {
- id: "mariadb",
- name: "MariaDB",
- icon: "https://framerusercontent.com/images/MrgrzzqL3aHPeAvXraV4W437EI.svg",
- description: "The open source relational database",
- category: "Datastore",
- },
- {
- id: "postgres",
- name: "Postgres",
- icon: "https://framerusercontent.com/images/AaiB0a2xIUnIemm6V905ML5c.svg",
- description: "PostgreSQL database service",
- category: "Datastore",
- },
- {
- id: "kafka",
- name: "Kafka",
- icon: "https://framerusercontent.com/images/T58vVQTZl0UnFlmzHJLYR7mpd8U.svg",
- description: "A distributed event streaming platform for real-time data pipelines and stream processing.",
- category: "Datastore",
- },
- {
- id: "redisdistributed",
- name: "Redis (Distributed)",
- icon: "https://framerusercontent.com/images/UijaNkqS0HW6UsMqM12w0Pg.png",
- description: "Distributed Redis cluster for high availability and scalability",
- category: "Datastore",
- },
- {
- id: "solr",
- name: "SOLR",
- icon: "https://framerusercontent.com/images/38xBPcJEGig795UQddhD41ra5xM.svg",
- description: "An open-source search platform built on Apache Lucene.",
- category: "Datastore",
- },
- {
- id: "cockroachdb",
- name: "CockroachDB",
- icon: "https://framerusercontent.com/images/yYgMVdoJyroUzIpxfhPZkgzb0OA.svg",
- description: "Source-available distributed SQL database management system",
- category: "Datastore",
- },
- {
- id: "dgraph",
- name: "Dgraph",
- icon: "https://framerusercontent.com/images/PqVSCt2usAAIShQahcf90ovxXqI.svg",
- description: "The high-performance database for modern applications",
- category: "Datastore",
- },
- {
- id: "chromadb",
- name: "ChromaDB",
- icon: "https://framerusercontent.com/images/chCSrOajsbttAYyRnFvhNbRgBEQ.svg",
- description: "The AI-native embedding database",
- category: "Datastore",
- },
- {
- id: "opentsdb",
- name: "OpenTSDB",
- icon: "https://framerusercontent.com/images/HMe9loL8PZLicwfLI1znIttA2g.png",
- description: "A Distributed, Scalable Monitoring System",
- category: "Datastore",
- },
- {
- id: "surrealdb",
- name: "SurrealDB",
- icon: "https://framerusercontent.com/images/bRyFhCW7zQ6XoCJv18CxnK8uE.svg",
- description: "A scalable, distributed, collaborative, document-graph database",
- category: "Datastore",
- },
- {
- id: "solrcloud",
- name: "Solr Cloud",
- icon: "https://framerusercontent.com/images/TF8qLyaVZCZ0P3IwWEqp9qfNH1A.svg",
- description: "Scalable, fault-tolerant Apache Solr for distributed search and indexing.",
- category: "Datastore",
- },
- {
- id: "scylladb",
- name: "ScyllaDB",
- icon: "https://framerusercontent.com/images/0MeJnJIpldPqz476W6rAWBSO4XE.svg",
- description: "ScyllaDB is a source-available distributed NoSQL wide-column data store.",
- category: "Datastore",
- },
- ],
- },
-};
-
+const integrationsData = {
+ categories: {
+ Applications: [
+ {
+ id: "wordpress",
+ name: "WordPress",
+ icon: "https://framerusercontent.com/images/1tMwCNL8nyVYanLeO1YXCmyD8.svg",
+ description: "A content management system (CMS) written in PHP",
+ category: "Applications",
+ },
+ {
+ id: "jupyterhub",
+ name: "Jupyterhub",
+ icon: "https://framerusercontent.com/images/hgWz13blJI6voMJlnl8LpCs7Cjs.svg",
+ description: "JupyterLab Is A Next-Generation Notebook Interface",
+ category: "Applications",
+ },
+ {
+ id: "superset",
+ name: "Superset",
+ icon: "https://framerusercontent.com/images/j2PaA4EyjB3z8Te54CPtEl9G4pg.svg",
+ description: "Data Visualization and Data Exploration | Looker, Tableau alternative",
+ category: "Applications",
+ },
+ {
+ id: "outline",
+ name: "Outline",
+ icon: "https://framerusercontent.com/images/me3PE9f0sDhtHyIisE955ABYK3c.svg",
+ description: "Beautiful, realtime collaborative, feature packed, and markdown compatible.",
+ category: "Applications",
+ },
+ ],
+ Datastore: [
+ {
+ id: "mysql",
+ name: "MySQL",
+ icon: "https://framerusercontent.com/images/o9NXlQW93tQQ6v3jTjDOcwxCMaU.svg",
+ description: "Deploy a MySQL database service",
+ category: "Datastore",
+ },
+ {
+ id: "redis",
+ name: "Redis",
+ icon: "https://framerusercontent.com/images/8MWCYgdUmGTAMwJBrF8PdkFbfnI.svg",
+ description: "Redis key-value data store",
+ category: "Datastore",
+ },
+ {
+ id: "cassandra",
+ name: "Cassandra",
+ icon: "https://framerusercontent.com/images/hyQRAJJoXaCLvlAd8IqafkKPitE.svg",
+ description: "Storing and managing large volumes of structured, semi-structured, and unstructured data.",
+ category: "Datastore",
+ },
+ {
+ id: "mariadb",
+ name: "MariaDB",
+ icon: "https://framerusercontent.com/images/MrgrzzqL3aHPeAvXraV4W437EI.svg",
+ description: "The open source relational database",
+ category: "Datastore",
+ },
+ {
+ id: "postgres",
+ name: "Postgres",
+ icon: "https://framerusercontent.com/images/AaiB0a2xIUnIemm6V905ML5c.svg",
+ description: "PostgreSQL database service",
+ category: "Datastore",
+ },
+ {
+ id: "kafka",
+ name: "Kafka",
+ icon: "https://framerusercontent.com/images/T58vVQTZl0UnFlmzHJLYR7mpd8U.svg",
+ description: "A distributed event streaming platform for real-time data pipelines and stream processing.",
+ category: "Datastore",
+ },
+ {
+ id: "redisdistributed",
+ name: "Redis (Distributed)",
+ icon: "https://framerusercontent.com/images/UijaNkqS0HW6UsMqM12w0Pg.png",
+ description: "Distributed Redis cluster for high availability and scalability",
+ category: "Datastore",
+ },
+ {
+ id: "solr",
+ name: "SOLR",
+ icon: "https://framerusercontent.com/images/38xBPcJEGig795UQddhD41ra5xM.svg",
+ description: "An open-source search platform built on Apache Lucene.",
+ category: "Datastore",
+ },
+ {
+ id: "cockroachdb",
+ name: "CockroachDB",
+ icon: "https://framerusercontent.com/images/yYgMVdoJyroUzIpxfhPZkgzb0OA.svg",
+ description: "Source-available distributed SQL database management system",
+ category: "Datastore",
+ },
+ {
+ id: "dgraph",
+ name: "Dgraph",
+ icon: "https://framerusercontent.com/images/PqVSCt2usAAIShQahcf90ovxXqI.svg",
+ description: "The high-performance database for modern applications",
+ category: "Datastore",
+ },
+ {
+ id: "chromadb",
+ name: "ChromaDB",
+ icon: "https://framerusercontent.com/images/chCSrOajsbttAYyRnFvhNbRgBEQ.svg",
+ description: "The AI-native embedding database",
+ category: "Datastore",
+ },
+ {
+ id: "opentsdb",
+ name: "OpenTSDB",
+ icon: "https://framerusercontent.com/images/HMe9loL8PZLicwfLI1znIttA2g.png",
+ description: "A Distributed, Scalable Monitoring System",
+ category: "Datastore",
+ },
+ {
+ id: "surrealdb",
+ name: "SurrealDB",
+ icon: "https://framerusercontent.com/images/bRyFhCW7zQ6XoCJv18CxnK8uE.svg",
+ description: "A scalable, distributed, collaborative, document-graph database",
+ category: "Datastore",
+ },
+ {
+ id: "solrcloud",
+ name: "Solr Cloud",
+ icon: "https://framerusercontent.com/images/TF8qLyaVZCZ0P3IwWEqp9qfNH1A.svg",
+ description: "Scalable, fault-tolerant Apache Solr for distributed search and indexing.",
+ category: "Datastore",
+ },
+ {
+ id: "scylladb",
+ name: "ScyllaDB",
+ icon: "https://framerusercontent.com/images/0MeJnJIpldPqz476W6rAWBSO4XE.svg",
+ description: "ScyllaDB is a source-available distributed NoSQL wide-column data store.",
+ category: "Datastore",
+ },
+ ],
+ },
+};
+
 export default integrationsData; // Export the already declared variable
\ No newline at end of file
diff --git a/docs/src/js/readme.js b/docs/src/js/readme.js
index 26c618d2..12ae1c46 100644
--- a/docs/src/js/readme.js
+++ b/docs/src/js/readme.js
@@ -1,260 +1,260 @@ -import integrationsData from "./config.js"; -const urlParams = new URLSearchParams(window.location.search); -const integrationId = urlParams.get('id'); -const readmeContentDiv = document.getElementById('readme-content'); -const sidebarContentDiv = document.getElementById('sidebar-content'); -const mainReadmeArea = document.getElementById('main-readme-area'); -const searchToggleButton = document.getElementById('searchToggleButton'); -const searchContainer = document.getElementById('searchContainer'); -const searchInput = document.getElementById('searchInput'); -const loadingBar = document.querySelector('.loading-bar'); -const loadingMessage = readmeContentDiv.querySelector('p'); - -let headingElements = []; -let sidebarLinks = []; - -async function fetchMarkdown(url) { - try { - const response = await fetch(url); - if (response.ok) { - return await response.text(); - } else { - console.warn(`Failed to fetch markdown from ${url}: Status ${response.status}`); - return null; - } - } catch (error) { - console.error(`Error during fetch for ${url}:`, error); - return null; - } -} - -async function fetchReadme() { - if (loadingBar) loadingBar.classList.add('active'); - if (loadingMessage) loadingMessage.style.display = 'block'; - document.getElementById('main-content').style.display = 'grid'; - document.getElementById('load').style.display = 'none'; - let readmeMarkdown = null; - - if (integrationId) { - document.title = `${integrationId} - zop.dev`; - } else { - document.title = 'Integration - zop.dev'; - } - - if (integrationId === 'contribution') { - const contributionUrl = 'https://raw.githubusercontent.com/zopdev/helm-charts/main/CONTRIBUTING.md'; - readmeMarkdown = await fetchMarkdown(contributionUrl); - } else { - const integrationExists = Object.values(integrationsData.categories).flat().some(integration => integration.id === integrationId); - - if (!integrationId || !integrationExists) { - document.body.innerHTML = ` -
- - -
- `; - if (loadingBar) loadingBar.classList.remove('active'); - if (loadingMessage) loadingMessage.style.display = 'none'; - return; - } - - const baseUrl = `https://raw.githubusercontent.com/zopdev/helm-charts/main/charts/${integrationId}/`; - const readmeUrlsToTry = [`${baseUrl}README.md`, `${baseUrl}Readme.md`]; - - readmeMarkdown = await fetchMarkdown(readmeUrlsToTry[0]); - - if (readmeMarkdown === null) { - readmeMarkdown = await fetchMarkdown(readmeUrlsToTry[1]); - } - } - - if (readmeMarkdown !== null) { - const readmeHtml = marked.parse(readmeMarkdown); - processAndDisplayReadme(readmeHtml); - } else { - document.body.innerHTML = ` -
- - - ${integrationId === 'contribution' ? '

Error loading CONTRIBUTING.md content.

' : ''} -
- `; - } - - if (loadingBar) loadingBar.classList.remove('active'); - if (loadingMessage) loadingMessage.style.display = 'none'; -} - - -function processAndDisplayReadme(htmlContent) { - readmeContentDiv.innerHTML = htmlContent; - sidebarContentDiv.innerHTML = ''; - headingElements = []; - sidebarLinks = []; - - const showAllLink = document.createElement('a'); - showAllLink.href = '#section-0'; - showAllLink.textContent = 'Show All'; - showAllLink.classList.add('sidebar-show-all'); - showAllLink.addEventListener('click', (event) => { - event.preventDefault(); - mainReadmeArea.scrollTo({ top: 0, behavior: 'smooth' }); - updateSidebarActiveLink(''); - searchInput.value = ''; - filterSidebarLinks(''); - searchContainer.classList.remove('active'); - }); - sidebarContentDiv.appendChild(showAllLink); - sidebarLinks.push(showAllLink); - - const headings = readmeContentDiv.querySelectorAll('h1, h2'); - - headings.forEach((heading, index) => { - let id = heading.id || `section-${index}`; - heading.id = id; - headingElements.push(heading); - - const sidebarLink = document.createElement('a'); - sidebarLink.href = `#${id}`; - sidebarLink.textContent = heading.textContent; - sidebarLink.classList.add('block'); - if (heading.tagName === 'H2') { - sidebarLink.classList.add('level-2'); - } - sidebarLink.addEventListener('click', (event) => { - event.preventDefault(); - scrollToSection(id); - }); - sidebarContentDiv.appendChild(sidebarLink); - sidebarLinks.push(sidebarLink); - }); - - addCopyButtonsToCodeBlocks(); - - mainReadmeArea.addEventListener('scroll', highlightActiveSection); - window.addEventListener('resize', highlightActiveSection); - setTimeout(highlightActiveSection, 100); -} - -function addCopyButtonsToCodeBlocks() { - const codeBlocks = readmeContentDiv.querySelectorAll('pre'); - - codeBlocks.forEach(pre => { - const codeContainer = document.createElement('div'); - codeContainer.style.position = 'relative'; - codeContainer.style.marginBottom = '1em'; - - 
pre.parentNode.insertBefore(codeContainer, pre); - codeContainer.appendChild(pre); - - const copyButton = document.createElement('button'); - copyButton.innerHTML = ` - - -`; - copyButton.classList.add('copy-button'); - - copyButton.addEventListener('click', async () => { - const code = pre.querySelector('code'); - if (code) { - try { - await navigator.clipboard.writeText(code.textContent); - copyButton.textContent = 'Copied!'; - setTimeout(() => { - copyButton.innerHTML = ` - - -`; - }, 2000); - } catch (err) { - console.error('Failed to copy text: ', err); - copyButton.textContent = 'Error'; - } - } - }); - codeContainer.appendChild(copyButton); - }); -} - - -function scrollToSection(sectionId) { - const targetElement = document.getElementById(sectionId); - if (targetElement) { - targetElement.scrollIntoView({ behavior: 'smooth', block: 'start' }); - - updateSidebarActiveLink(sectionId); - setTimeout(highlightActiveSection, 300); - } -} - -function highlightActiveSection() { - const currentScrollPos = mainReadmeArea.scrollTop; - const offset = 80; - - let activeSectionId = ''; - - for (let i = headingElements.length - 1; i >= 0; i--) { - const heading = headingElements[i]; - if (currentScrollPos + offset >= heading.offsetTop) { - activeSectionId = heading.id; - break; - } - } -} - -function updateSidebarActiveLink(activeSectionId) { - sidebarLinks.forEach(link => { - link.classList.remove('active'); - }); - - if (activeSectionId) { - const activeLinked = sidebarContentDiv.querySelector(`a[href="#${activeSectionId}"]`); - if (activeLinked) { - activeLinked.classList.add('active'); - } - } -} - -function toggleSearchBar() { - searchContainer.classList.toggle('active'); - if (searchContainer.classList.contains('active')) { - searchInput.focus(); - } else { - searchInput.value = ''; - filterSidebarLinks(''); - } -} - -function filterSidebarLinks(query) { - const lowerCaseQuery = query.toLowerCase().trim(); - const showAllLink = 
sidebarContentDiv.querySelector('.sidebar-show-all'); - - sidebarLinks.forEach(link => { - if (link === showAllLink) { - return; - } - - const linkText = link.textContent.toLowerCase(); - if (lowerCaseQuery === '' || linkText.includes(lowerCaseQuery)) { - link.style.display = 'block'; - } else { - link.style.display = 'none'; - } - }); - - if (showAllLink) { - if (lowerCaseQuery !== '') { - showAllLink.style.display = 'none'; - } else { - showAllLink.style.display = 'block'; - } - } -} - -searchToggleButton.addEventListener('click', toggleSearchBar); -searchInput.addEventListener('input', (event) => { - filterSidebarLinks(event.target.value); -}); - +import integrationsData from "./config.js"; +const urlParams = new URLSearchParams(window.location.search); +const integrationId = urlParams.get('id'); +const readmeContentDiv = document.getElementById('readme-content'); +const sidebarContentDiv = document.getElementById('sidebar-content'); +const mainReadmeArea = document.getElementById('main-readme-area'); +const searchToggleButton = document.getElementById('searchToggleButton'); +const searchContainer = document.getElementById('searchContainer'); +const searchInput = document.getElementById('searchInput'); +const loadingBar = document.querySelector('.loading-bar'); +const loadingMessage = readmeContentDiv.querySelector('p'); + +let headingElements = []; +let sidebarLinks = []; + +async function fetchMarkdown(url) { + try { + const response = await fetch(url); + if (response.ok) { + return await response.text(); + } else { + console.warn(`Failed to fetch markdown from ${url}: Status ${response.status}`); + return null; + } + } catch (error) { + console.error(`Error during fetch for ${url}:`, error); + return null; + } +} + +async function fetchReadme() { + if (loadingBar) loadingBar.classList.add('active'); + if (loadingMessage) loadingMessage.style.display = 'block'; + document.getElementById('main-content').style.display = 'grid'; + 
document.getElementById('load').style.display = 'none'; + let readmeMarkdown = null; + + if (integrationId) { + document.title = `${integrationId} - zop.dev`; + } else { + document.title = 'Integration - zop.dev'; + } + + if (integrationId === 'contribution') { + const contributionUrl = 'https://raw.githubusercontent.com/zopdev/helm-charts/main/CONTRIBUTING.md'; + readmeMarkdown = await fetchMarkdown(contributionUrl); + } else { + const integrationExists = Object.values(integrationsData.categories).flat().some(integration => integration.id === integrationId); + + if (!integrationId || !integrationExists) { + document.body.innerHTML = ` +
+ + +
+ `; + if (loadingBar) loadingBar.classList.remove('active'); + if (loadingMessage) loadingMessage.style.display = 'none'; + return; + } + + const baseUrl = `https://raw.githubusercontent.com/zopdev/helm-charts/main/charts/${integrationId}/`; + const readmeUrlsToTry = [`${baseUrl}README.md`, `${baseUrl}Readme.md`]; + + readmeMarkdown = await fetchMarkdown(readmeUrlsToTry[0]); + + if (readmeMarkdown === null) { + readmeMarkdown = await fetchMarkdown(readmeUrlsToTry[1]); + } + } + + if (readmeMarkdown !== null) { + const readmeHtml = marked.parse(readmeMarkdown); + processAndDisplayReadme(readmeHtml); + } else { + document.body.innerHTML = ` +
+ + + ${integrationId === 'contribution' ? '

Error loading CONTRIBUTING.md content.

' : ''} +
+ `; + } + + if (loadingBar) loadingBar.classList.remove('active'); + if (loadingMessage) loadingMessage.style.display = 'none'; +} + + +function processAndDisplayReadme(htmlContent) { + readmeContentDiv.innerHTML = htmlContent; + sidebarContentDiv.innerHTML = ''; + headingElements = []; + sidebarLinks = []; + + const showAllLink = document.createElement('a'); + showAllLink.href = '#section-0'; + showAllLink.textContent = 'Show All'; + showAllLink.classList.add('sidebar-show-all'); + showAllLink.addEventListener('click', (event) => { + event.preventDefault(); + mainReadmeArea.scrollTo({ top: 0, behavior: 'smooth' }); + updateSidebarActiveLink(''); + searchInput.value = ''; + filterSidebarLinks(''); + searchContainer.classList.remove('active'); + }); + sidebarContentDiv.appendChild(showAllLink); + sidebarLinks.push(showAllLink); + + const headings = readmeContentDiv.querySelectorAll('h1, h2'); + + headings.forEach((heading, index) => { + let id = heading.id || `section-${index}`; + heading.id = id; + headingElements.push(heading); + + const sidebarLink = document.createElement('a'); + sidebarLink.href = `#${id}`; + sidebarLink.textContent = heading.textContent; + sidebarLink.classList.add('block'); + if (heading.tagName === 'H2') { + sidebarLink.classList.add('level-2'); + } + sidebarLink.addEventListener('click', (event) => { + event.preventDefault(); + scrollToSection(id); + }); + sidebarContentDiv.appendChild(sidebarLink); + sidebarLinks.push(sidebarLink); + }); + + addCopyButtonsToCodeBlocks(); + + mainReadmeArea.addEventListener('scroll', highlightActiveSection); + window.addEventListener('resize', highlightActiveSection); + setTimeout(highlightActiveSection, 100); +} + +function addCopyButtonsToCodeBlocks() { + const codeBlocks = readmeContentDiv.querySelectorAll('pre'); + + codeBlocks.forEach(pre => { + const codeContainer = document.createElement('div'); + codeContainer.style.position = 'relative'; + codeContainer.style.marginBottom = '1em'; + + 
pre.parentNode.insertBefore(codeContainer, pre); + codeContainer.appendChild(pre); + + const copyButton = document.createElement('button'); + copyButton.innerHTML = ` + + +`; + copyButton.classList.add('copy-button'); + + copyButton.addEventListener('click', async () => { + const code = pre.querySelector('code'); + if (code) { + try { + await navigator.clipboard.writeText(code.textContent); + copyButton.textContent = 'Copied!'; + setTimeout(() => { + copyButton.innerHTML = ` + + +`; + }, 2000); + } catch (err) { + console.error('Failed to copy text: ', err); + copyButton.textContent = 'Error'; + } + } + }); + codeContainer.appendChild(copyButton); + }); +} + + +function scrollToSection(sectionId) { + const targetElement = document.getElementById(sectionId); + if (targetElement) { + targetElement.scrollIntoView({ behavior: 'smooth', block: 'start' }); + + updateSidebarActiveLink(sectionId); + setTimeout(highlightActiveSection, 300); + } +} + +function highlightActiveSection() { + const currentScrollPos = mainReadmeArea.scrollTop; + const offset = 80; + + let activeSectionId = ''; + + for (let i = headingElements.length - 1; i >= 0; i--) { + const heading = headingElements[i]; + if (currentScrollPos + offset >= heading.offsetTop) { + activeSectionId = heading.id; + break; + } + } +} + +function updateSidebarActiveLink(activeSectionId) { + sidebarLinks.forEach(link => { + link.classList.remove('active'); + }); + + if (activeSectionId) { + const activeLinked = sidebarContentDiv.querySelector(`a[href="#${activeSectionId}"]`); + if (activeLinked) { + activeLinked.classList.add('active'); + } + } +} + +function toggleSearchBar() { + searchContainer.classList.toggle('active'); + if (searchContainer.classList.contains('active')) { + searchInput.focus(); + } else { + searchInput.value = ''; + filterSidebarLinks(''); + } +} + +function filterSidebarLinks(query) { + const lowerCaseQuery = query.toLowerCase().trim(); + const showAllLink = 
sidebarContentDiv.querySelector('.sidebar-show-all'); + + sidebarLinks.forEach(link => { + if (link === showAllLink) { + return; + } + + const linkText = link.textContent.toLowerCase(); + if (lowerCaseQuery === '' || linkText.includes(lowerCaseQuery)) { + link.style.display = 'block'; + } else { + link.style.display = 'none'; + } + }); + + if (showAllLink) { + if (lowerCaseQuery !== '') { + showAllLink.style.display = 'none'; + } else { + showAllLink.style.display = 'block'; + } + } +} + +searchToggleButton.addEventListener('click', toggleSearchBar); +searchInput.addEventListener('input', (event) => { + filterSidebarLinks(event.target.value); +}); + document.addEventListener('DOMContentLoaded', fetchReadme); \ No newline at end of file diff --git a/docs/src/js/script.js b/docs/src/js/script.js index 8d10515a..a02bcac2 100644 --- a/docs/src/js/script.js +++ b/docs/src/js/script.js 
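Review bot: `processAndDisplayReadme` assigns the output of `marked.parse(readmeMarkdown)` directly to `readmeContentDiv.innerHTML`, and marked does not sanitize its output, so raw HTML or script-bearing attributes in a fetched README would execute in the docs page's origin. The allow-list check on `integrationId` in `fetchReadme` constrains which file is requested, not what that file contains, so the page inherits the integrity of every README merged to `main`. Sanitizing at the sink would close this, e.g. `readmeContentDiv.innerHTML = DOMPurify.sanitize(htmlContent);` (DOMPurify would be a new dependency; how `marked` itself is loaded is not visible in this hunk), ideally backed by a Content-Security-Policy on the docs site. The old and new sides of this hunk read the same, so this appears to predate the commit, but it is still present in the code as committed.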
@@ -1,569 +1,569 @@ -import integrationsData from './config.js' - -const currentSearchTerm = "" -let searchOverlay -let searchOverlayInput -let searchSuggestions - -document.addEventListener("DOMContentLoaded", () => { - initializeElements() - setupEventListeners() - renderAllIntegrations() - renderFAQ() - setupAccessibility() - updateActiveCategoryOnScroll() -}) - - -function initializeElements() { - searchOverlay = document.getElementById("search-overlay") - searchOverlayInput = document.getElementById("search-overlay-input") - searchSuggestions = document.getElementById("search-suggestions") -} - - -function setupEventListeners() { - setupSearch() - setupCategorySidebar() - setupKeyboardShortcuts() - setupSearchOverlay() - setupFAQ() - window.addEventListener("scroll", updateActiveCategoryOnScroll) -} - - -function renderAllIntegrations() { - renderCategoryIntegrations("Applications") - renderCategoryIntegrations("Datastore") -} - - -function renderCategoryIntegrations(category) { - const container = document.getElementById(`${category.toLowerCase()}-cards`) - if (!container) return - - - let categoryIntegrations = integrationsData.categories[category] || [] - - - if (currentSearchTerm) { - categoryIntegrations = categoryIntegrations.filter( - (integration) => - integration.name.toLowerCase().includes(currentSearchTerm) || - integration.description.toLowerCase().includes(currentSearchTerm), - ) - } - - - renderIntegrationCards(container, categoryIntegrations) -} - - -function renderIntegrationCards(container, integrations) { - if (!container) return - - - container.innerHTML = "" - - - if (integrations.length === 0) { - container.innerHTML = ` -
-

No integrations found

-

Try adjusting your search criteria.

-
- ` - return - } - - - integrations.forEach((integration, index) => { - const card = createIntegrationCard(integration, index) - container.appendChild(card) - }) -} - -function createIntegrationCard(integration, index) { - const card = document.createElement("article"); - card.className = "integration-card"; - card.setAttribute("tabindex", "0"); - card.setAttribute("role", "button"); - card.setAttribute("aria-label", `${integration.name} integration. ${integration.description}`); - card.setAttribute("data-integration-id", integration.id); - card.setAttribute("title", integration.description); - card.setAttribute("data-card-index", index); - - card.innerHTML = ` -
- -

${escapeHtml(integration.name)}

-
-

${escapeHtml(integration.description)}

- `; - - card.addEventListener("click", () => { - const url = `./src/readme.html?id=${encodeURIComponent(integration.id)}`; - window.location.href = url; - }); - - card.addEventListener("keydown", (e) => handleCardKeydown(e, integration, index)); - - return card; -} - -function handleCardInteraction(integration) { - const url = `./src/readme.html?id=${encodeURIComponent(integration.id)}`; - window.location.href = url; -} - -function handleCardKeydown(e, integration, index) { - switch (e.key) { - case "Enter": - case " ": - e.preventDefault(); - handleCardInteraction(integration); - break; - case "ArrowRight": - case "ArrowDown": - e.preventDefault(); - focusNextCard(index); - break; - case "ArrowLeft": - case "ArrowUp": - e.preventDefault(); - focusPreviousCard(index); - break; - case "Home": - e.preventDefault(); - focusFirstCard(); - break; - case "End": - e.preventDefault(); - focusLastCard(); - break; - } -} - -function focusNextCard(currentIndex) { - const cards = document.querySelectorAll(".integration-card") - const nextIndex = (currentIndex + 1) % cards.length - cards[nextIndex]?.focus() -} - - -function focusPreviousCard(currentIndex) { - const cards = document.querySelectorAll(".integration-card") - const prevIndex = currentIndex === 0 ? 
cards.length - 1 : currentIndex - 1 - cards[prevIndex]?.focus() -} - - -function focusFirstCard() { - const firstCard = document.querySelector(".integration-card") - firstCard?.focus() -} - - -function focusLastCard() { - const cards = document.querySelectorAll(".integration-card") - const lastCard = cards[cards.length - 1] - lastCard?.focus() -} - - -function setupSearch() { - const searchInput = document.getElementById("search-integrations") - if (!searchInput) return - - - searchInput.addEventListener("click", openSearchOverlay) - searchInput.addEventListener("focus", openSearchOverlay) -} - - -function setupCategorySidebar() { - document.addEventListener("click", (e) => { - if (e.target.classList.contains("category-btn")) { - handleCategoryClick(e.target) - } - }) -} - - -function handleCategoryClick(button) { - const categoryButtons = document.querySelectorAll(".category-btn"); - const category = button.getAttribute("data-category"); - - - categoryButtons.forEach((btn) => { - btn.setAttribute("aria-pressed", "false"); - btn.classList.remove("active"); - }); - - - button.setAttribute("aria-pressed", "true"); - button.classList.add("active"); - - - const targetSection = document.getElementById(`${category.toLowerCase()}-section`); - if (targetSection) { - targetSection.scrollIntoView({ - behavior: "smooth", - block: "start", - inline: "nearest", - }); - - - announceToScreenReader(`Scrolled to ${category} section`); - } -} - - -function clearCategoryHighlights() { - const categoryButtons = document.querySelectorAll(".category-btn"); - categoryButtons.forEach((btn) => { - btn.setAttribute("aria-pressed", "false"); - btn.classList.remove("active"); - }); -} - - -const sections = document.querySelectorAll(".category-section"); -const categoryButtons = document.querySelectorAll(".category-btn"); - - -function updateActiveCategoryOnScroll() { - let currentActiveCategory = null; - - - sections.forEach((section) => { - const sectionTop = section.offsetTop; - const 
sectionHeight = section.clientHeight; - - - if (window.scrollY + 150 >= sectionTop && window.scrollY + 150 < sectionTop + sectionHeight) { - currentActiveCategory = section.id.replace("-section", ""); - } - }); - - - categoryButtons.forEach((btn) => { - btn.setAttribute("aria-pressed", "false"); - btn.classList.remove("active"); - }); - - - if (currentActiveCategory) { - const activeButton = document.querySelector(`.category-btn[data-category="${currentActiveCategory.charAt(0).toUpperCase() + currentActiveCategory.slice(1)}"]`); - if (activeButton) { - activeButton.setAttribute("aria-pressed", "true"); - activeButton.classList.add("active"); - } - } -} - - -document.addEventListener("click", (event) => { - const isCategoryButton = event.target.closest(".category-btn"); - const isSearchInput = event.target.closest("#search-integrations"); - const isSearchOverlay = event.target.closest(".search-overlay-content"); - - - if (!isCategoryButton && !isSearchInput && !isSearchOverlay) { - clearCategoryHighlights(); - } -}); - - -function setupKeyboardShortcuts() { - document.addEventListener("keydown", (e) => { - if (e.key === "/" && !isInputFocused()) { - e.preventDefault() - openSearchOverlay() - } - - - if (e.key === "Escape") { - if (searchOverlay && searchOverlay.classList.contains("active")) { - closeSearchOverlay() - } else if (document.activeElement && document.activeElement !== document.body) { - document.activeElement.blur() - } - } - }) -} - - -function setupSearchOverlay() { - if (!searchOverlay || !searchOverlayInput) return - - - const closeButton = document.querySelector(".search-overlay-close") - if (closeButton) { - closeButton.addEventListener("click", closeSearchOverlay) - } - - - searchOverlay.addEventListener("click", (e) => { - if (e.target === searchOverlay) { - closeSearchOverlay() - } - }) - - - searchOverlayInput.addEventListener("input", handleOverlaySearch) - searchOverlayInput.addEventListener("keydown", handleOverlaySearchKeydown) -} - - 
-function openSearchOverlay() { - if (!searchOverlay || !searchOverlayInput) return - - - searchOverlay.classList.add("active") - searchOverlayInput.focus() - document.body.style.overflow = "hidden" - - - showSearchSuggestions("") - - - announceToScreenReader("Search overlay opened") -} - - -function closeSearchOverlay() { - if (!searchOverlay) return - - - searchOverlay.classList.remove("active") - document.body.style.overflow = "" - searchOverlayInput.value = "" - - - announceToScreenReader("Search overlay closed") -} - - -function handleOverlaySearch(e) { - const searchTerm = e.target.value.toLowerCase() - showSearchSuggestions(searchTerm) -} - - -function handleOverlaySearchKeydown(e) { - if (e.key === "Escape") { - closeSearchOverlay() - } else if (e.key === "ArrowDown") { - e.preventDefault() - const firstSuggestion = document.querySelector(".search-suggestion") - if (firstSuggestion) { - firstSuggestion.focus() - } - } -} - - -function showSearchSuggestions(searchTerm) { - if (!searchSuggestions) return - - - if (!searchTerm || searchTerm.trim() === "") { - searchSuggestions.innerHTML = "" - return - } - - - const allIntegrations = [ - ...integrationsData.categories.Applications, - ...integrationsData.categories.Datastore, - ] - - - const filteredIntegrations = allIntegrations.filter( - (integration) => - integration.name.toLowerCase().includes(searchTerm.toLowerCase()) || - integration.description.toLowerCase().includes(searchTerm.toLowerCase()) - ) - - - if (filteredIntegrations.length === 0) { - searchSuggestions.innerHTML = ` -
-

No integrations found for "${escapeHtml(searchTerm)}"

-
- ` - return - } - - - searchSuggestions.innerHTML = filteredIntegrations - .map((integration, index) => createSearchSuggestion(integration, index)) - .join("") - - - const suggestionElements = document.querySelectorAll(".search-suggestion") - suggestionElements.forEach((element, index) => { - element.addEventListener("click", () => { - handleSuggestionClick(filteredIntegrations[index]) - }) - element.addEventListener("keydown", (e) => { - handleSuggestionKeydown(e, index, suggestionElements.length) - }) - }) -} - - -function createSearchSuggestion(integration, index) { - return ` - -
- -
-
${escapeHtml(integration.name)}
-
${escapeHtml(integration.description)}
-
- ${escapeHtml(integration.category)} -
-
- ` -} - - -function handleSuggestionClick(integration) { - closeSearchOverlay() - - - const targetSection = document.getElementById(`${integration.category.toLowerCase()}-section`) - if (targetSection) { - targetSection.scrollIntoView({ - behavior: "smooth", - block: "start", - }) - - - setTimeout(() => { - const card = document.querySelector(`[data-integration-id="${integration.id}"]`) - if (card) { - card.focus() - card.style.transform = "scale(1.02)" - setTimeout(() => { - card.style.transform = "" - }, 500) - } - }, 500) - } - - - announceToScreenReader(`Selected ${integration.name} from search results`) -} - - -function handleSuggestionKeydown(e, index, totalSuggestions) { - switch (e.key) { - case "Enter": - case " ": - e.preventDefault() - e.target.click() - break - case "ArrowUp": - e.preventDefault() - if (index === 0) { - searchOverlayInput.focus() - } else { - const prevSuggestion = document.querySelectorAll(".search-suggestion")[index - 1] - prevSuggestion?.focus() - } - break - case "ArrowDown": - e.preventDefault() - if (index < totalSuggestions - 1) { - const nextSuggestion = document.querySelectorAll(".search-suggestion")[index + 1] - nextSuggestion?.focus() - } - break - case "Escape": - closeSearchOverlay() - break - } -} - - -function setupFAQ() { - document.addEventListener("click", (e) => { - if (e.target.classList.contains("faq-question")) { - handleFAQClick(e.target) - } - }) -} - - -function renderFAQ() { - const faqContainer = document.getElementById("faq-container") - if (!faqContainer) return - - - faqContainer.innerHTML = faqData.map((faq) => createFAQItem(faq)).join("") -} - - -function setupAccessibility() { - if (!document.getElementById("sr-announcements")) { - const announcements = document.createElement("div") - announcements.id = "sr-announcements" - announcements.setAttribute("aria-live", "polite") - announcements.setAttribute("aria-atomic", "true") - announcements.className = "sr-only" - document.body.appendChild(announcements) 
- } -} - - -function announceToScreenReader(message) { - const announcements = document.getElementById("sr-announcements") - if (announcements) { - announcements.textContent = message - setTimeout(() => { - announcements.textContent = "" - }, 1000) - } -} - - -function escapeHtml(text) { - const map = { - "&": "&", - "<": "<", - ">": ">", - '"': """, - "'": "'", - } - return text.replace(/[&<>"']/g, (m) => map[m]) -} - - -function isInputFocused() { - const activeElement = document.activeElement - return ( - activeElement && - (activeElement.tagName === "INPUT" || - activeElement.tagName === "TEXTAREA" || - activeElement.tagName === "SELECT" || - activeElement.isContentEditable) - ) -} - - - +import integrationsData from './config.js' + +const currentSearchTerm = "" +let searchOverlay +let searchOverlayInput +let searchSuggestions + +document.addEventListener("DOMContentLoaded", () => { + initializeElements() + setupEventListeners() + renderAllIntegrations() + renderFAQ() + setupAccessibility() + updateActiveCategoryOnScroll() +}) + + +function initializeElements() { + searchOverlay = document.getElementById("search-overlay") + searchOverlayInput = document.getElementById("search-overlay-input") + searchSuggestions = document.getElementById("search-suggestions") +} + + +function setupEventListeners() { + setupSearch() + setupCategorySidebar() + setupKeyboardShortcuts() + setupSearchOverlay() + setupFAQ() + window.addEventListener("scroll", updateActiveCategoryOnScroll) +} + + +function renderAllIntegrations() { + renderCategoryIntegrations("Applications") + renderCategoryIntegrations("Datastore") +} + + +function renderCategoryIntegrations(category) { + const container = document.getElementById(`${category.toLowerCase()}-cards`) + if (!container) return + + + let categoryIntegrations = integrationsData.categories[category] || [] + + + if (currentSearchTerm) { + categoryIntegrations = categoryIntegrations.filter( + (integration) => + 
integration.name.toLowerCase().includes(currentSearchTerm) || + integration.description.toLowerCase().includes(currentSearchTerm), + ) + } + + + renderIntegrationCards(container, categoryIntegrations) +} + + +function renderIntegrationCards(container, integrations) { + if (!container) return + + + container.innerHTML = "" + + + if (integrations.length === 0) { + container.innerHTML = ` +
+

No integrations found

+

Try adjusting your search criteria.

+
+ ` + return + } + + + integrations.forEach((integration, index) => { + const card = createIntegrationCard(integration, index) + container.appendChild(card) + }) +} + +function createIntegrationCard(integration, index) { + const card = document.createElement("article"); + card.className = "integration-card"; + card.setAttribute("tabindex", "0"); + card.setAttribute("role", "button"); + card.setAttribute("aria-label", `${integration.name} integration. ${integration.description}`); + card.setAttribute("data-integration-id", integration.id); + card.setAttribute("title", integration.description); + card.setAttribute("data-card-index", index); + + card.innerHTML = ` +
+ +

${escapeHtml(integration.name)}

+
+

${escapeHtml(integration.description)}

+ `; + + card.addEventListener("click", () => { + const url = `./src/readme.html?id=${encodeURIComponent(integration.id)}`; + window.location.href = url; + }); + + card.addEventListener("keydown", (e) => handleCardKeydown(e, integration, index)); + + return card; +} + +function handleCardInteraction(integration) { + const url = `./src/readme.html?id=${encodeURIComponent(integration.id)}`; + window.location.href = url; +} + +function handleCardKeydown(e, integration, index) { + switch (e.key) { + case "Enter": + case " ": + e.preventDefault(); + handleCardInteraction(integration); + break; + case "ArrowRight": + case "ArrowDown": + e.preventDefault(); + focusNextCard(index); + break; + case "ArrowLeft": + case "ArrowUp": + e.preventDefault(); + focusPreviousCard(index); + break; + case "Home": + e.preventDefault(); + focusFirstCard(); + break; + case "End": + e.preventDefault(); + focusLastCard(); + break; + } +} + +function focusNextCard(currentIndex) { + const cards = document.querySelectorAll(".integration-card") + const nextIndex = (currentIndex + 1) % cards.length + cards[nextIndex]?.focus() +} + + +function focusPreviousCard(currentIndex) { + const cards = document.querySelectorAll(".integration-card") + const prevIndex = currentIndex === 0 ? 
cards.length - 1 : currentIndex - 1 + cards[prevIndex]?.focus() +} + + +function focusFirstCard() { + const firstCard = document.querySelector(".integration-card") + firstCard?.focus() +} + + +function focusLastCard() { + const cards = document.querySelectorAll(".integration-card") + const lastCard = cards[cards.length - 1] + lastCard?.focus() +} + + +function setupSearch() { + const searchInput = document.getElementById("search-integrations") + if (!searchInput) return + + + searchInput.addEventListener("click", openSearchOverlay) + searchInput.addEventListener("focus", openSearchOverlay) +} + + +function setupCategorySidebar() { + document.addEventListener("click", (e) => { + if (e.target.classList.contains("category-btn")) { + handleCategoryClick(e.target) + } + }) +} + + +function handleCategoryClick(button) { + const categoryButtons = document.querySelectorAll(".category-btn"); + const category = button.getAttribute("data-category"); + + + categoryButtons.forEach((btn) => { + btn.setAttribute("aria-pressed", "false"); + btn.classList.remove("active"); + }); + + + button.setAttribute("aria-pressed", "true"); + button.classList.add("active"); + + + const targetSection = document.getElementById(`${category.toLowerCase()}-section`); + if (targetSection) { + targetSection.scrollIntoView({ + behavior: "smooth", + block: "start", + inline: "nearest", + }); + + + announceToScreenReader(`Scrolled to ${category} section`); + } +} + + +function clearCategoryHighlights() { + const categoryButtons = document.querySelectorAll(".category-btn"); + categoryButtons.forEach((btn) => { + btn.setAttribute("aria-pressed", "false"); + btn.classList.remove("active"); + }); +} + + +const sections = document.querySelectorAll(".category-section"); +const categoryButtons = document.querySelectorAll(".category-btn"); + + +function updateActiveCategoryOnScroll() { + let currentActiveCategory = null; + + + sections.forEach((section) => { + const sectionTop = section.offsetTop; + const 
sectionHeight = section.clientHeight; + + + if (window.scrollY + 150 >= sectionTop && window.scrollY + 150 < sectionTop + sectionHeight) { + currentActiveCategory = section.id.replace("-section", ""); + } + }); + + + categoryButtons.forEach((btn) => { + btn.setAttribute("aria-pressed", "false"); + btn.classList.remove("active"); + }); + + + if (currentActiveCategory) { + const activeButton = document.querySelector(`.category-btn[data-category="${currentActiveCategory.charAt(0).toUpperCase() + currentActiveCategory.slice(1)}"]`); + if (activeButton) { + activeButton.setAttribute("aria-pressed", "true"); + activeButton.classList.add("active"); + } + } +} + + +document.addEventListener("click", (event) => { + const isCategoryButton = event.target.closest(".category-btn"); + const isSearchInput = event.target.closest("#search-integrations"); + const isSearchOverlay = event.target.closest(".search-overlay-content"); + + + if (!isCategoryButton && !isSearchInput && !isSearchOverlay) { + clearCategoryHighlights(); + } +}); + + +function setupKeyboardShortcuts() { + document.addEventListener("keydown", (e) => { + if (e.key === "/" && !isInputFocused()) { + e.preventDefault() + openSearchOverlay() + } + + + if (e.key === "Escape") { + if (searchOverlay && searchOverlay.classList.contains("active")) { + closeSearchOverlay() + } else if (document.activeElement && document.activeElement !== document.body) { + document.activeElement.blur() + } + } + }) +} + + +function setupSearchOverlay() { + if (!searchOverlay || !searchOverlayInput) return + + + const closeButton = document.querySelector(".search-overlay-close") + if (closeButton) { + closeButton.addEventListener("click", closeSearchOverlay) + } + + + searchOverlay.addEventListener("click", (e) => { + if (e.target === searchOverlay) { + closeSearchOverlay() + } + }) + + + searchOverlayInput.addEventListener("input", handleOverlaySearch) + searchOverlayInput.addEventListener("keydown", handleOverlaySearchKeydown) +} + + 
+function openSearchOverlay() { + if (!searchOverlay || !searchOverlayInput) return + + + searchOverlay.classList.add("active") + searchOverlayInput.focus() + document.body.style.overflow = "hidden" + + + showSearchSuggestions("") + + + announceToScreenReader("Search overlay opened") +} + + +function closeSearchOverlay() { + if (!searchOverlay) return + + + searchOverlay.classList.remove("active") + document.body.style.overflow = "" + searchOverlayInput.value = "" + + + announceToScreenReader("Search overlay closed") +} + + +function handleOverlaySearch(e) { + const searchTerm = e.target.value.toLowerCase() + showSearchSuggestions(searchTerm) +} + + +function handleOverlaySearchKeydown(e) { + if (e.key === "Escape") { + closeSearchOverlay() + } else if (e.key === "ArrowDown") { + e.preventDefault() + const firstSuggestion = document.querySelector(".search-suggestion") + if (firstSuggestion) { + firstSuggestion.focus() + } + } +} + + +function showSearchSuggestions(searchTerm) { + if (!searchSuggestions) return + + + if (!searchTerm || searchTerm.trim() === "") { + searchSuggestions.innerHTML = "" + return + } + + + const allIntegrations = [ + ...integrationsData.categories.Applications, + ...integrationsData.categories.Datastore, + ] + + + const filteredIntegrations = allIntegrations.filter( + (integration) => + integration.name.toLowerCase().includes(searchTerm.toLowerCase()) || + integration.description.toLowerCase().includes(searchTerm.toLowerCase()) + ) + + + if (filteredIntegrations.length === 0) { + searchSuggestions.innerHTML = ` +
+

No integrations found for "${escapeHtml(searchTerm)}"

+
+ ` + return + } + + + searchSuggestions.innerHTML = filteredIntegrations + .map((integration, index) => createSearchSuggestion(integration, index)) + .join("") + + + const suggestionElements = document.querySelectorAll(".search-suggestion") + suggestionElements.forEach((element, index) => { + element.addEventListener("click", () => { + handleSuggestionClick(filteredIntegrations[index]) + }) + element.addEventListener("keydown", (e) => { + handleSuggestionKeydown(e, index, suggestionElements.length) + }) + }) +} + + +function createSearchSuggestion(integration, index) { + return ` +
+
+ +
+
${escapeHtml(integration.name)}
+
${escapeHtml(integration.description)}
+
+ ${escapeHtml(integration.category)} +
+
+ ` +} + + +function handleSuggestionClick(integration) { + closeSearchOverlay() + + + const targetSection = document.getElementById(`${integration.category.toLowerCase()}-section`) + if (targetSection) { + targetSection.scrollIntoView({ + behavior: "smooth", + block: "start", + }) + + + setTimeout(() => { + const card = document.querySelector(`[data-integration-id="${integration.id}"]`) + if (card) { + card.focus() + card.style.transform = "scale(1.02)" + setTimeout(() => { + card.style.transform = "" + }, 500) + } + }, 500) + } + + + announceToScreenReader(`Selected ${integration.name} from search results`) +} + + +function handleSuggestionKeydown(e, index, totalSuggestions) { + switch (e.key) { + case "Enter": + case " ": + e.preventDefault() + e.target.click() + break + case "ArrowUp": + e.preventDefault() + if (index === 0) { + searchOverlayInput.focus() + } else { + const prevSuggestion = document.querySelectorAll(".search-suggestion")[index - 1] + prevSuggestion?.focus() + } + break + case "ArrowDown": + e.preventDefault() + if (index < totalSuggestions - 1) { + const nextSuggestion = document.querySelectorAll(".search-suggestion")[index + 1] + nextSuggestion?.focus() + } + break + case "Escape": + closeSearchOverlay() + break + } +} + + +function setupFAQ() { + document.addEventListener("click", (e) => { + if (e.target.classList.contains("faq-question")) { + handleFAQClick(e.target) + } + }) +} + + +function renderFAQ() { + const faqContainer = document.getElementById("faq-container") + if (!faqContainer) return + + + faqContainer.innerHTML = faqData.map((faq) => createFAQItem(faq)).join("") +} + + +function setupAccessibility() { + if (!document.getElementById("sr-announcements")) { + const announcements = document.createElement("div") + announcements.id = "sr-announcements" + announcements.setAttribute("aria-live", "polite") + announcements.setAttribute("aria-atomic", "true") + announcements.className = "sr-only" + document.body.appendChild(announcements) 
+ } +} + + +function announceToScreenReader(message) { + const announcements = document.getElementById("sr-announcements") + if (announcements) { + announcements.textContent = message + setTimeout(() => { + announcements.textContent = "" + }, 1000) + } +} + + +function escapeHtml(text) { + const map = { + "&": "&", + "<": "<", + ">": ">", + '"': """, + "'": "'", + } + return text.replace(/[&<>"']/g, (m) => map[m]) +} + + +function isInputFocused() { + const activeElement = document.activeElement + return ( + activeElement && + (activeElement.tagName === "INPUT" || + activeElement.tagName === "TEXTAREA" || + activeElement.tagName === "SELECT" || + activeElement.isContentEditable) + ) +} + + + diff --git a/docs/src/readme.html b/docs/src/readme.html index 96e135ab..c52dd656 100644 --- a/docs/src/readme.html +++ b/docs/src/readme.html @@ -1,73 +1,73 @@ - - - - - - - Zopdev Integration - Connect Your DevOps Tools - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- -
- -
-
- - -
-
-

Loading README content...

-
-
- - -
- - - - + + + + + + + Zopdev Integration - Connect Your DevOps Tools + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ +
+ +
+
+ + +
+
+

Loading README content...

+
+
+ + +
+ + + + \ No newline at end of file diff --git a/promql/kafka.yaml b/promql/kafka.yaml index 12bfe060..0388405f 100644 --- a/promql/kafka.yaml +++ b/promql/kafka.yaml 
@@ -1,93 +1,93 @@
-queries:
- "<=0.0.4":
- kafka_up:
- query: >-
- avg by (pod) (
- kafka_exporter_build_info{
- namespace='',
- pod=~'.*'
- }
- )
-
- kafka_broker_count:
- query: >-
- kafka_brokers{
- namespace=''
- }
-
- kafka_topic_count:
- query: >-
- count(
- count by (topic) (
- kafka_topic_partitions{
- namespace=''
- }
- )
- )
-
- kafka_partition_count:
- query: >-
- sum(
- kafka_topic_partitions{
- namespace=''
- }
- )
-
- consumer_group_lag:
- query: >-
- sum by (consumergroup, topic) (
- kafka_topic_partition_current_offset{
- namespace='',
- pod=~'.*'
- }
- - on(topic, partition) group_right(consumergroup)
- kafka_consumergroup_current_offset{
- namespace='',
- pod=~'.*'
- }
- ) > 0
-
- consumer_group_members:
- query: >-
- sum by (consumergroup) (
- kafka_consumergroup_members{
- namespace='',
- pod=~'.*'
- }
- )
-
- partition_isr_count:
- query: >-
- avg by (topic, partition) (
- kafka_topic_partition_in_sync_replica{
- namespace='',
- pod=~'.*'
- }
- )
-
- partition_replica_count:
- query: >-
- avg by (topic, partition) (
- kafka_topic_partition_replicas{
- namespace='',
- pod=~'.*'
- }
- )
-
- message_in_rate:
- query: >-
- sum(
- rate(
- kafka_topic_partition_current_offset{
- namespace='',
- pod=~'.*'
- }[1m]
- )
- ) by (topic)
-
- broker_info:
- query: >-
- kafka_broker_info{
- namespace='',
- pod=~'.*'
+queries:
+ "<=0.0.4":
+ kafka_up:
+ query: >-
+ avg by (pod) (
+ kafka_exporter_build_info{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ kafka_broker_count:
+ query: >-
+ kafka_brokers{
+ namespace=''
+ }
+
+ kafka_topic_count:
+ query: >-
+ count(
+ count by (topic) (
+ kafka_topic_partitions{
+ namespace=''
+ }
+ )
+ )
+
+ kafka_partition_count:
+ query: >-
+ sum(
+ kafka_topic_partitions{
+ namespace=''
+ }
+ )
+
+ consumer_group_lag:
+ query: >-
+ sum by (consumergroup, topic) (
+ kafka_topic_partition_current_offset{
+ namespace='',
+ pod=~'.*'
+ }
+ - on(topic, partition) group_right(consumergroup)
+ kafka_consumergroup_current_offset{
+ namespace='',
+ pod=~'.*'
+ }
+ ) > 0
+
+ consumer_group_members:
+ query: >-
+ sum by (consumergroup) (
+ kafka_consumergroup_members{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ partition_isr_count:
+ query: >-
+ avg by (topic, partition) (
+ kafka_topic_partition_in_sync_replica{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ partition_replica_count:
+ query: >-
+ avg by (topic, partition) (
+ kafka_topic_partition_replicas{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ message_in_rate:
+ query: >-
+ sum(
+ rate(
+ kafka_topic_partition_current_offset{
+ namespace='',
+ pod=~'.*'
+ }[1m]
+ )
+ ) by (topic)
+
+ broker_info:
+ query: >-
+ kafka_broker_info{
+ namespace='',
+ pod=~'.*'
 }
\ No newline at end of file
diff --git a/promql/mariadb.yaml b/promql/mariadb.yaml
index 9ec016f7..30d62cf7 100644
--- a/promql/mariadb.yaml
+++ b/promql/mariadb.yaml
@@ -1,80 +1,80 @@
-queries:
- "<=0.0.4":
- mysql_up:
- query: >-
- avg by (pod) (
- mysql_up{
- namespace='',
- pod=~'.*'
- }
- )
-
- open_connections:
- query: >-
- avg by (pod) (
- mysql_global_status_threads_connected{
- namespace='',
- pod=~'.*'
- }
- )
-
- inuse_connections:
- query: >-
- avg by (pod) (
- mysql_global_status_threads_running{
- namespace='',
- pod=~'.*'
- }
- )
-
- semi_sync_master_wait_no_slave:
- query: >-
- avg by (pod) (
- mysql_global_variables_rpl_semi_sync_master_wait_no_slave{
- namespace='',
- pod=~'.*'
- }
- )
-
- slaves_connected:
- query: >-
- avg by (pod) (
- mysql_global_status_slaves_connected{
- namespace='',
- pod=~'.*'
- }
- )
-
- queries_per_second:
- query: >-
- rate(mysql_global_status_queries{namespace='',pod=~'.*'}[1m])
-
- bytes_received_per_second:
- query: >-
- rate(mysql_global_status_bytes_received{namespace='',pod=~'.*'}[1m])
- unit: "kb/s"
-
- bytes_sent_per_second:
- query: >-
- rate(mysql_global_status_bytes_sent{namespace='',pod=~'.*'}[1m])
- unit: "kb/s"
-
- innodb_buffer_pool_reads:
- query: >-
- rate(mysql_global_status_innodb_buffer_pool_reads{namespace='',pod=~'.*'}[1m])
-
- innodb_buffer_pool_read_requests:
- query: >-
- rate(mysql_global_status_innodb_buffer_pool_read_requests{namespace='',pod=~'.*'}[1m])
-
- slow_queries:
- query: >-
- rate(mysql_global_status_slow_queries{namespace='',pod=~'.*'}[1m])
-
- aborted_connects:
- query: >-
- rate(mysql_global_status_aborted_connects{namespace='',pod=~'.*'}[1m])
-
- threads_created:
- query: >-
+queries:
+ "<=0.0.4":
+ mysql_up:
+ query: >-
+ avg by (pod) (
+ mysql_up{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ open_connections:
+ query: >-
+ avg by (pod) (
+ mysql_global_status_threads_connected{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ inuse_connections:
+ query: >-
+ avg by (pod) (
+ mysql_global_status_threads_running{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ semi_sync_master_wait_no_slave:
+ query: >-
+ avg by (pod) (
+ mysql_global_variables_rpl_semi_sync_master_wait_no_slave{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ slaves_connected:
+ query: >-
+ avg by (pod) (
+ mysql_global_status_slaves_connected{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ queries_per_second:
+ query: >-
+ rate(mysql_global_status_queries{namespace='',pod=~'.*'}[1m])
+
+ bytes_received_per_second:
+ query: >-
+ rate(mysql_global_status_bytes_received{namespace='',pod=~'.*'}[1m])
+ unit: "kb/s"
+
+ bytes_sent_per_second:
+ query: >-
+ rate(mysql_global_status_bytes_sent{namespace='',pod=~'.*'}[1m])
+ unit: "kb/s"
+
+ innodb_buffer_pool_reads:
+ query: >-
+ rate(mysql_global_status_innodb_buffer_pool_reads{namespace='',pod=~'.*'}[1m])
+
+ innodb_buffer_pool_read_requests:
+ query: >-
+ rate(mysql_global_status_innodb_buffer_pool_read_requests{namespace='',pod=~'.*'}[1m])
+
+ slow_queries:
+ query: >-
+ rate(mysql_global_status_slow_queries{namespace='',pod=~'.*'}[1m])
+
+ aborted_connects:
+ query: >-
+ rate(mysql_global_status_aborted_connects{namespace='',pod=~'.*'}[1m])
+
+ threads_created:
+ query: >-
 rate(mysql_global_status_threads_created{namespace='',pod=~'.*'}[1m])
\ No newline at end of file
diff --git a/promql/mysql.yaml b/promql/mysql.yaml
index 7c027f8f..d66d013a 100644
--- a/promql/mysql.yaml
+++ b/promql/mysql.yaml
@@ -1,62 +1,62 @@ -queries: - "<=0.0.8": - mysql_up: - query: >- - avg by (pod) ( - mysql_up{ - namespace='', - pod=~'.*' - } - ) - - open_connections: - query: >- - avg by (pod) ( - mysql_global_status_threads_connected{ - namespace='', - pod=~'.*' - } - ) - - inuse_connections: - query: >- - avg by (pod) ( - mysql_global_status_threads_running{ - namespace='', - pod=~'.*' - } - ) - - queries_per_second: - query: >- - rate(mysql_global_status_queries{namespace='',pod=~'.*'}[1m]) - - bytes_received_per_second: - query: >- - rate(mysql_global_status_bytes_received{namespace='',pod=~'.*'}[1m]) - unit: "kb/s" - - bytes_sent_per_second: - query: >- - rate(mysql_global_status_bytes_sent{namespace='',pod=~'.*'}[1m]) - unit: "kb/s" - - innodb_buffer_pool_reads: - query: >- - rate(mysql_global_status_innodb_buffer_pool_reads{namespace='',pod=~'.*'}[1m]) - - innodb_buffer_pool_read_requests: - query: >- - rate(mysql_global_status_innodb_buffer_pool_read_requests{namespace='',pod=~'.*'}[1m]) - - slow_queries: - query: >- - rate(mysql_global_status_slow_queries{namespace='',pod=~'.*'}[1m]) - - aborted_connects: - query: >- - rate(mysql_global_status_aborted_connects{namespace='',pod=~'.*'}[1m]) - - threads_created: - query: >- - rate(mysql_global_status_threads_created{namespace='',pod=~'.*'}[1m]) +queries: + "<=0.0.8": + mysql_up: + query: >- + avg by (pod) ( + mysql_up{ + namespace='', + pod=~'.*' + } + ) + + open_connections: + query: >- + avg by (pod) ( + mysql_global_status_threads_connected{ + namespace='', + pod=~'.*' + } + ) + + inuse_connections: + query: >- + avg by (pod) ( + mysql_global_status_threads_running{ + namespace='', + pod=~'.*' + } + ) + + queries_per_second: + query: >- + rate(mysql_global_status_queries{namespace='',pod=~'.*'}[1m]) + + bytes_received_per_second: + query: >- + rate(mysql_global_status_bytes_received{namespace='',pod=~'.*'}[1m]) + unit: "kb/s" + + bytes_sent_per_second: + query: >- + 
rate(mysql_global_status_bytes_sent{namespace='',pod=~'.*'}[1m]) + unit: "kb/s" + + innodb_buffer_pool_reads: + query: >- + rate(mysql_global_status_innodb_buffer_pool_reads{namespace='',pod=~'.*'}[1m]) + + innodb_buffer_pool_read_requests: + query: >- + rate(mysql_global_status_innodb_buffer_pool_read_requests{namespace='',pod=~'.*'}[1m]) + + slow_queries: + query: >- + rate(mysql_global_status_slow_queries{namespace='',pod=~'.*'}[1m]) + + aborted_connects: + query: >- + rate(mysql_global_status_aborted_connects{namespace='',pod=~'.*'}[1m]) + + threads_created: + query: >- + rate(mysql_global_status_threads_created{namespace='',pod=~'.*'}[1m]) diff --git a/promql/postgres.yaml b/promql/postgres.yaml index 36b06787..d41bb3c6 100644 --- a/promql/postgres.yaml +++ b/promql/postgres.yaml 
@@ -1,89 +1,89 @@ -queries: - "<=0.0.9": - postgres_up: - query: >- - avg by (pod) ( - pg_up{ - namespace='', - pod=~'.*' - } - ) - - open_connections: - query: >- - sum by (pod) ( - pg_stat_activity_count{ - namespace='', - pod=~'.*', - state='active' - } - ) - - idle_connections: - query: >- - sum by (pod) ( - pg_stat_activity_count{ - namespace='', - pod=~'.*', - state='idle' - } - ) - - queries_per_second: - query: >- - sum by (pod) ( - rate(pg_stat_database_xact_commit{ - namespace='', - pod=~'.*' - }[1m]) + - rate(pg_stat_database_xact_rollback{ - namespace='', - pod=~'.*' - }[1m]) - ) - - disk_read_operations: - query: >- - rate(pg_stat_database_blks_read{ - namespace='', - pod=~'.*' - }[1m]) - - transaction_commit_rate: - query: >- - rate(pg_stat_database_xact_commit{ - namespace='', - pod=~'.*' - }[1m]) - - connection_utilization: - query: >- - sum by (pod) ( - pg_stat_activity_count{ - namespace='', - pod=~'.*' - } - ) / - sum by (pod) ( - pg_settings_max_connections{ - namespace='', - pod=~'.*' - } - ) - - deadlocks: - query: >- - rate(pg_stat_database_deadlocks{ - namespace='', - pod=~'.*' - }[5m]) - - database_size_bytes: - query: >- - sum by (pod, datname) ( - pg_database_size_bytes{ - namespace='', - pod=~'.*' - } - ) +queries: + "<=0.0.9": + postgres_up: + query: >- + avg by (pod) ( + pg_up{ + namespace='', + pod=~'.*' + } + ) + + open_connections: + query: >- + sum by (pod) ( + pg_stat_activity_count{ + namespace='', + pod=~'.*', + state='active' + } + ) + + idle_connections: + query: >- + sum by (pod) ( + pg_stat_activity_count{ + namespace='', + pod=~'.*', + state='idle' + } + ) + + queries_per_second: + query: >- + sum by (pod) ( + rate(pg_stat_database_xact_commit{ + namespace='', + pod=~'.*' + }[1m]) + + rate(pg_stat_database_xact_rollback{ + namespace='', + pod=~'.*' + }[1m]) + ) + + disk_read_operations: + query: >- + rate(pg_stat_database_blks_read{ + namespace='', + pod=~'.*' + }[1m]) + + transaction_commit_rate: + query: >- + 
rate(pg_stat_database_xact_commit{ + namespace='', + pod=~'.*' + }[1m]) + + connection_utilization: + query: >- + sum by (pod) ( + pg_stat_activity_count{ + namespace='', + pod=~'.*' + } + ) / + sum by (pod) ( + pg_settings_max_connections{ + namespace='', + pod=~'.*' + } + ) + + deadlocks: + query: >- + rate(pg_stat_database_deadlocks{ + namespace='', + pod=~'.*' + }[5m]) + + database_size_bytes: + query: >- + sum by (pod, datname) ( + pg_database_size_bytes{ + namespace='', + pod=~'.*' + } + ) unit: "bytes" \ No newline at end of file diff --git a/promql/redis.yaml b/promql/redis.yaml index 5cf95c0d..b9a28fdc 100644 --- a/promql/redis.yaml +++ b/promql/redis.yaml 
@@ -1,66 +1,66 @@
-queries:
- "<=0.0.4":
- redis_up:
- query: >-
- avg by (pod) (
- redis_up{
- namespace='',
- pod=~'.*'
- }
- )
-
- connected_clients:
- query: >-
- avg by (pod) (
- redis_connected_clients{
- namespace='',
- pod=~'.*'
- }
- )
-
- memory_used:
- query: >-
- avg by (pod) (
- redis_memory_used_bytes{
- namespace='',
- pod=~'.*'
- }
- )
- unit: "bytes"
-
- memory_peak:
- query: >-
- avg by (pod) (
- redis_memory_used_peak_bytes{
- namespace='',
- pod=~'.*'
- }
- )
- unit: "bytes"
-
- keys_total:
- query: >-
- sum by (pod) (
- redis_db_keys{
- namespace='',
- pod=~'.*'
- }
- )
-
- ops_per_second:
- query: >-
- rate(
- redis_commands_processed_total{
- namespace='',
- pod=~'.*'
- }[1m]
- )
-
- rejected_connections:
- query: >-
- rate(
- redis_rejected_connections_total{
- namespace='',
- pod=~'.*'
- }[1m]
- )
+queries:
+ "<=0.0.4":
+ redis_up:
+ query: >-
+ avg by (pod) (
+ redis_up{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ connected_clients:
+ query: >-
+ avg by (pod) (
+ redis_connected_clients{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ memory_used:
+ query: >-
+ avg by (pod) (
+ redis_memory_used_bytes{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+ unit: "bytes"
+
+ memory_peak:
+ query: >-
+ avg by (pod) (
+ redis_memory_used_peak_bytes{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+ unit: "bytes"
+
+ keys_total:
+ query: >-
+ sum by (pod) (
+ redis_db_keys{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ ops_per_second:
+ query: >-
+ rate(
+ redis_commands_processed_total{
+ namespace='',
+ pod=~'.*'
+ }[1m]
+ )
+
+ rejected_connections:
+ query: >-
+ rate(
+ redis_rejected_connections_total{
+ namespace='',
+ pod=~'.*'
+ }[1m]
+ )
diff --git a/promql/redisdistributed.yaml b/promql/redisdistributed.yaml
index 39d5c7ce..da7aeea4 100644
--- a/promql/redisdistributed.yaml
+++ b/promql/redisdistributed.yaml
@@ -1,81 +1,81 @@
-queries:
- "<=0.0.5":
- redis_up:
- query: >-
- avg by (pod) (
- redis_up{
- namespace='',
- pod=~'.*'
- }
- )
-
- role:
- query: >-
- avg by (pod) (
- redis_instance_info{
- namespace='',
- pod=~'.*'
- }
- )
-
- connected_clients:
- query: >-
- avg by (pod) (
- redis_connected_clients{
- namespace='',
- pod=~'.*'
- }
- )
-
- used_memory:
- query: >-
- avg by (pod) (
- redis_memory_used_bytes{
- namespace='',
- pod=~'.*'
- }
- )
- unit: "bytes"
-
- evicted_keys_per_second:
- query: >-
- rate(redis_evicted_keys_total{namespace='',pod=~'.*'}[1m])
-
- expired_keys_per_second:
- query: >-
- rate(redis_expired_keys_total{namespace='',pod=~'.*'}[1m])
-
- rejected_connections_per_second:
- query: >-
- rate(redis_rejected_connections_total{namespace='',pod=~'.*'}[1m])
-
- connected_slaves:
- query: >-
- avg by (pod) (
- redis_connected_slaves{
- namespace='',
- pod=~'.*'
- }
- )
-
- keys_total:
- query: >-
- avg by (pod) (
- redis_db_keys{
- namespace='',
- pod=~'.*'
- }
- )
-
- keys_expiring:
- query: >-
- avg by (pod) (
- redis_db_keys_expiring{
- namespace='',
- pod=~'.*'
- }
- )
-
- commands_processed_per_second:
- query: >-
- rate(redis_commands_processed_total{namespace='',pod=~'.*'}[1m])
+queries:
+ "<=0.0.5":
+ redis_up:
+ query: >-
+ avg by (pod) (
+ redis_up{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ role:
+ query: >-
+ avg by (pod) (
+ redis_instance_info{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ connected_clients:
+ query: >-
+ avg by (pod) (
+ redis_connected_clients{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ used_memory:
+ query: >-
+ avg by (pod) (
+ redis_memory_used_bytes{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+ unit: "bytes"
+
+ evicted_keys_per_second:
+ query: >-
+ rate(redis_evicted_keys_total{namespace='',pod=~'.*'}[1m])
+
+ expired_keys_per_second:
+ query: >-
+ rate(redis_expired_keys_total{namespace='',pod=~'.*'}[1m])
+
+ rejected_connections_per_second:
+ query: >-
+ rate(redis_rejected_connections_total{namespace='',pod=~'.*'}[1m])
+
+ connected_slaves:
+ query: >-
+ avg by (pod) (
+ redis_connected_slaves{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ keys_total:
+ query: >-
+ avg by (pod) (
+ redis_db_keys{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ keys_expiring:
+ query: >-
+ avg by (pod) (
+ redis_db_keys_expiring{
+ namespace='',
+ pod=~'.*'
+ }
+ )
+
+ commands_processed_per_second:
+ query: >-
+ rate(redis_commands_processed_total{namespace='',pod=~'.*'}[1m])
diff --git a/promql/service.yaml b/promql/service.yaml
index afed0713..4b4618cb 100644
--- a/promql/service.yaml
+++ b/promql/service.yaml
@@ -1,31 +1,31 @@
-queries:
- "<=0.0.22":
- cpu_utilisation:
- query: >-
- (avg(rate(container_cpu_usage_seconds_total{namespace='',container=''}[1m])) by (pod) /
- on (pod)(kube_pod_container_resource_limits{namespace='',container='',resource='cpu'}))*100
- unit: "%"
-
- memory_utilisation:
- query: >-
- (avg(rate(container_memory_usage_bytes{namespace='',container=''}[1m])) by (pod) /
- on (pod)(kube_pod_container_resource_limits{namespace='',container='',resource='memory'}))*10000
- unit: "%"
-
- network_utilisation:
- query: >-
- sum by (pod) (rate(container_network_transmit_bytes_total{namespace='',pod=~'.*'}[1m]))
- unit: "kb/s"
-
- cpu_throttling:
- query: >-
- sum(increase(container_cpu_cfs_throttled_periods_total{container='', namespace=''}[1m])) by (container) /
- sum(increase(container_cpu_cfs_periods_total{container='', namespace=''}[1m])) by (container)
-
- pod_restarts:
- query: >-
- increase(kube_pod_container_status_restarts_total{namespace='', container=''}[1m])
-
- nginx_ingress_volume_controller:
- query: >-
- sum by (status) (increase(nginx_ingress_controller_requests{exported_service='', exported_namespace=''}[1m]))
+queries:
+ "<=0.0.22":
+ cpu_utilisation:
+ query: >-
+ (avg(rate(container_cpu_usage_seconds_total{namespace='',container=''}[1m])) by (pod) /
+ on (pod)(kube_pod_container_resource_limits{namespace='',container='',resource='cpu'}))*100
+ unit: "%"
+
+ memory_utilisation:
+ query: >-
+ (avg(rate(container_memory_usage_bytes{namespace='',container=''}[1m])) by (pod) /
+ on (pod)(kube_pod_container_resource_limits{namespace='',container='',resource='memory'}))*10000
+ unit: "%"
+
+ network_utilisation:
+ query: >-
+ sum by (pod) (rate(container_network_transmit_bytes_total{namespace='',pod=~'.*'}[1m]))
+ unit: "kb/s"
+
+ cpu_throttling:
+ query: >-
+ sum(increase(container_cpu_cfs_throttled_periods_total{container='', namespace=''}[1m])) by (container) /
+ sum(increase(container_cpu_cfs_periods_total{container='', namespace=''}[1m])) by (container)
+
+ pod_restarts:
+ query: >-
+ increase(kube_pod_container_status_restarts_total{namespace='', container=''}[1m])
+
+ nginx_ingress_volume_controller:
+ query: >-
+ sum by (status) (increase(nginx_ingress_controller_requests{exported_service='', exported_namespace=''}[1m]))
diff --git a/promql/solr-cloud.yaml b/promql/solr-cloud.yaml
index 52aa7e6f..24db8fd7 100644
--- a/promql/solr-cloud.yaml
+++ b/promql/solr-cloud.yaml
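Review bot: In `memory_utilisation` (promql/service.yaml), the new side still wraps `container_memory_usage_bytes` in `rate(...[1m])` and multiplies the ratio by `10000` while declaring `unit: "%"`, so the result is the per-second change in memory divided by the limit, not current usage as a percentage. `container_memory_usage_bytes` is a gauge, so the numerator should read it directly and use the same scale as `cpu_utilisation`: `(avg(container_memory_usage_bytes{namespace='',container=''}) by (pod) /` followed by `...resource='memory'}))*100`. The hunk re-adds every line unchanged (it looks like a line-ending normalisation), so the expression predates this commit. It is still worth fixing, because a memory-exhaustion alert or dashboard built on this figure would not reflect real pressure.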
@@ -1,140 +1,140 @@ -queries: - solr_up: - query: >- - avg by (pod) ( - solr_ping{ - namespace='', - pod=~'.*' - } - ) - - zookeeper_status: - query: >- - avg by (pod) ( - solr_zookeeper_status{ - namespace='', - pod=~'.*' - } - ) - - query_rate: - query: >- - sum by (pod) ( - rate(solr_metrics_core_query_local_count{ - namespace='', - pod=~'.*', - searchHandler="/select" - }[1m]) - ) - - query_latency_median: - query: >- - avg by (pod) ( - solr_metrics_core_query_local_median_ms{ - namespace='', - pod=~'.*', - searchHandler="/select" - } - ) - unit: "ms" - - query_latency_p95: - query: >- - avg by (pod) ( - solr_metrics_core_query_local_p95_ms{ - namespace='', - pod=~'.*', - searchHandler="/select" - } - ) - unit: "ms" - - cache_hit_ratio: - query: >- - avg by (pod) ( - solr_metrics_core_searcher_cache_ratio{ - namespace='', - pod=~'.*', - type="queryResultCache", - item="hitratio" - } - ) - unit: "%" - - index_size: - query: >- - avg by (pod) ( - solr_metrics_core_index_size_bytes{ - namespace='', - pod=~'.*' - } - ) - unit: "bytes" - - jvm_heap_max: - query: >- - avg by (pod) ( - solr_metrics_jvm_memory_heap_bytes{ - namespace='', - pod=~'.*', - item="max" - } - ) - unit: "bytes" - - document_count: - query: >- - avg by (pod) ( - solr_metrics_core_searcher_documents{ - namespace='', - pod=~'.*', - item="numDocs" - } - ) - - update_operations: - query: >- - sum by (pod) ( - rate(solr_metrics_core_update_handler_adds_total{ - namespace='', - pod=~'.*' - }[1m]) - ) - - http_requests: - query: >- - sum by (pod) ( - rate(solr_metrics_jetty_requests_total{ - namespace='', - pod=~'.*' - }[1m]) - ) - - http_errors: - query: >- - sum by (pod) ( - rate(solr_metrics_jetty_response_total{ - namespace='', - pod=~'.*', - status=~"4xx|5xx" - }[1m]) - ) - - replica_state: - query: >- - avg by (pod) ( - solr_collections_replica_state{ - namespace='', - pod=~'.*', - state="active" - } - ) - - shard_leader: - query: >- - avg by (pod) ( - solr_collections_shard_leader{ - 
namespace='', - pod=~'.*' - } +queries: + solr_up: + query: >- + avg by (pod) ( + solr_ping{ + namespace='', + pod=~'.*' + } + ) + + zookeeper_status: + query: >- + avg by (pod) ( + solr_zookeeper_status{ + namespace='', + pod=~'.*' + } + ) + + query_rate: + query: >- + sum by (pod) ( + rate(solr_metrics_core_query_local_count{ + namespace='', + pod=~'.*', + searchHandler="/select" + }[1m]) + ) + + query_latency_median: + query: >- + avg by (pod) ( + solr_metrics_core_query_local_median_ms{ + namespace='', + pod=~'.*', + searchHandler="/select" + } + ) + unit: "ms" + + query_latency_p95: + query: >- + avg by (pod) ( + solr_metrics_core_query_local_p95_ms{ + namespace='', + pod=~'.*', + searchHandler="/select" + } + ) + unit: "ms" + + cache_hit_ratio: + query: >- + avg by (pod) ( + solr_metrics_core_searcher_cache_ratio{ + namespace='', + pod=~'.*', + type="queryResultCache", + item="hitratio" + } + ) + unit: "%" + + index_size: + query: >- + avg by (pod) ( + solr_metrics_core_index_size_bytes{ + namespace='', + pod=~'.*' + } + ) + unit: "bytes" + + jvm_heap_max: + query: >- + avg by (pod) ( + solr_metrics_jvm_memory_heap_bytes{ + namespace='', + pod=~'.*', + item="max" + } + ) + unit: "bytes" + + document_count: + query: >- + avg by (pod) ( + solr_metrics_core_searcher_documents{ + namespace='', + pod=~'.*', + item="numDocs" + } + ) + + update_operations: + query: >- + sum by (pod) ( + rate(solr_metrics_core_update_handler_adds_total{ + namespace='', + pod=~'.*' + }[1m]) + ) + + http_requests: + query: >- + sum by (pod) ( + rate(solr_metrics_jetty_requests_total{ + namespace='', + pod=~'.*' + }[1m]) + ) + + http_errors: + query: >- + sum by (pod) ( + rate(solr_metrics_jetty_response_total{ + namespace='', + pod=~'.*', + status=~"4xx|5xx" + }[1m]) + ) + + replica_state: + query: >- + avg by (pod) ( + solr_collections_replica_state{ + namespace='', + pod=~'.*', + state="active" + } + ) + + shard_leader: + query: >- + avg by (pod) ( + solr_collections_shard_leader{ + 
namespace='', + pod=~'.*' + } ) \ No newline at end of file diff --git a/promql/solr.yaml b/promql/solr.yaml index a74451a7..da1a7ddb 100644 --- a/promql/solr.yaml +++ b/promql/solr.yaml 
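Review bot: `queries:` in promql/solr-cloud.yaml lists `solr_up`, `zookeeper_status` and the other entries directly, with no version-constraint key, while the other promql files in this commit nest their queries under one (`"<=0.0.5":` in promql/solr.yaml, `"<=0.0.22":` in promql/service.yaml). If the consumer selects a query set by chart version, which is not visible here, this file may yield no queries or be read differently from its siblings. Either add the matching key, e.g. `"<=X.Y.Z":` (placeholder for the chart's real version bound), or add a comment such as `# flat layout intended: applies to all chart versions`. Indentation is collapsed in this rendering, so confirm the nesting against the file itself.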
@@ -1,62 +1,62 @@ -queries: - "<=0.0.5": - solr_up: - query: >- - up{job='', namespace='', pod=~'.*' } - - cpu_load: - query: >- - solr_metrics_jvm_os_cpu_load{item="processCpuLoad", namespace='', pod=~'.*'} - - open_file_descriptors: - query: >- - solr_metrics_jvm_os_file_descriptors{item="openFileDescriptorCount", namespace='', pod=~'.*'} - - http_requests_per_second: - query: >- - sum by (pod) ( - rate(solr_metrics_node_requests_total{namespace='', pod=~'.*'}[1m]) - ) - - http_errors_per_second: - query: >- - sum by (pod) ( - rate(solr_metrics_node_errors_total{namespace='', pod=~'.*'}[1m]) - ) - - gc_time_seconds: - query: >- - rate(solr_metrics_jvm_gc_seconds_total{namespace='', pod=~'.*'}[1m]) - - gc_count: - query: >- - rate(solr_metrics_jvm_gc_total{namespace='', pod=~'.*'}[1m]) - - thread_count: - query: >- - solr_metrics_jvm_threads{item="count", namespace='', pod=~'.*'} - - response_codes: - query: >- - sum by (pod, status) ( - rate(solr_metrics_jetty_response_total{namespace='', pod=~'.*'}[1m]) - ) - - request_methods: - query: >- - sum by (pod, method) ( - rate(solr_metrics_jetty_requests_total{namespace='', pod=~'.*'}[1m]) - ) - - request_handler_time: - query: >- - rate(solr_metrics_node_time_seconds_total{namespace='', pod=~'.*'}[1m]) - - loaded_cores: - query: >- - solr_metrics_node_cores{item="loaded", namespace='', pod=~'.*'} - - memory_usage: - query: >- - solr_metrics_jvm_memory_bytes{item="used", namespace='', pod=~'.*'} +queries: + "<=0.0.5": + solr_up: + query: >- + up{job='', namespace='', pod=~'.*' } + + cpu_load: + query: >- + solr_metrics_jvm_os_cpu_load{item="processCpuLoad", namespace='', pod=~'.*'} + + open_file_descriptors: + query: >- + solr_metrics_jvm_os_file_descriptors{item="openFileDescriptorCount", namespace='', pod=~'.*'} + + http_requests_per_second: + query: >- + sum by (pod) ( + rate(solr_metrics_node_requests_total{namespace='', pod=~'.*'}[1m]) + ) + + http_errors_per_second: + query: >- + sum by (pod) ( + 
rate(solr_metrics_node_errors_total{namespace='', pod=~'.*'}[1m]) + ) + + gc_time_seconds: + query: >- + rate(solr_metrics_jvm_gc_seconds_total{namespace='', pod=~'.*'}[1m]) + + gc_count: + query: >- + rate(solr_metrics_jvm_gc_total{namespace='', pod=~'.*'}[1m]) + + thread_count: + query: >- + solr_metrics_jvm_threads{item="count", namespace='', pod=~'.*'} + + response_codes: + query: >- + sum by (pod, status) ( + rate(solr_metrics_jetty_response_total{namespace='', pod=~'.*'}[1m]) + ) + + request_methods: + query: >- + sum by (pod, method) ( + rate(solr_metrics_jetty_requests_total{namespace='', pod=~'.*'}[1m]) + ) + + request_handler_time: + query: >- + rate(solr_metrics_node_time_seconds_total{namespace='', pod=~'.*'}[1m]) + + loaded_cores: + query: >- + solr_metrics_node_cores{item="loaded", namespace='', pod=~'.*'} + + memory_usage: + query: >- + solr_metrics_jvm_memory_bytes{item="used", namespace='', pod=~'.*'} unit: "bytes" \ No newline at end of file