5285 lines
304 KiB
YAML
5285 lines
304 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
cdi.kubevirt.io: ""
|
|
name: cdi
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.13.0
|
|
name: cdis.cdi.kubevirt.io
|
|
spec:
|
|
group: cdi.kubevirt.io
|
|
names:
|
|
kind: CDI
|
|
listKind: CDIList
|
|
plural: cdis
|
|
shortNames:
|
|
- cdi
|
|
- cdis
|
|
singular: cdi
|
|
scope: Cluster
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.phase
|
|
name: Phase
|
|
type: string
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: CDI is the CDI Operator CRD
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: CDISpec defines our specification for the CDI installation
|
|
properties:
|
|
certConfig:
|
|
description: certificate configuration
|
|
properties:
|
|
ca:
|
|
description: CA configuration CA certs are kept in the CA bundle
|
|
as long as they are valid
|
|
properties:
|
|
duration:
|
|
description: The requested 'duration' (i.e. lifetime) of the
|
|
Certificate.
|
|
type: string
|
|
renewBefore:
|
|
description: The amount of time before the currently issued
|
|
certificate's `notAfter` time that we will begin to attempt
|
|
to renew the certificate.
|
|
type: string
|
|
type: object
|
|
server:
|
|
description: Server configuration Certs are rotated and discarded
|
|
properties:
|
|
duration:
|
|
description: The requested 'duration' (i.e. lifetime) of the
|
|
Certificate.
|
|
type: string
|
|
renewBefore:
|
|
description: The amount of time before the currently issued
|
|
certificate's `notAfter` time that we will begin to attempt
|
|
to renew the certificate.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
cloneStrategyOverride:
|
|
description: 'Clone strategy override: should we use a host-assisted
|
|
copy even if snapshots are available?'
|
|
enum:
|
|
- copy
|
|
- snapshot
|
|
- csi-clone
|
|
type: string
|
|
config:
|
|
description: CDIConfig at CDI level
|
|
properties:
|
|
dataVolumeTTLSeconds:
|
|
description: DataVolumeTTLSeconds is the time in seconds after
|
|
DataVolume completion it can be garbage collected. Disabled
|
|
by default.
|
|
format: int32
|
|
type: integer
|
|
featureGates:
|
|
description: FeatureGates are a list of specific enabled feature
|
|
gates
|
|
items:
|
|
type: string
|
|
type: array
|
|
filesystemOverhead:
|
|
description: FilesystemOverhead describes the space reserved for
|
|
overhead when using Filesystem volumes. A value is between 0
|
|
and 1, if not defined it is 0.055 (5.5% overhead)
|
|
properties:
|
|
global:
|
|
description: Global is how much space of a Filesystem volume
|
|
should be reserved for overhead. This value is used unless
|
|
overridden by a more specific value (per storageClass)
|
|
pattern: ^(0(?:\.\d{1,3})?|1)$
|
|
type: string
|
|
storageClass:
|
|
additionalProperties:
|
|
description: 'Percent is a string that can only be a value
|
|
between [0,1) (Note: we actually rely on reconcile to
|
|
reject invalid values)'
|
|
pattern: ^(0(?:\.\d{1,3})?|1)$
|
|
type: string
|
|
description: StorageClass specifies how much space of a Filesystem
|
|
volume should be reserved for safety. The keys are the storageClass
|
|
and the values are the overhead. This value overrides the
|
|
global value
|
|
type: object
|
|
type: object
|
|
imagePullSecrets:
|
|
description: The imagePullSecrets used to pull the container images
|
|
items:
|
|
description: LocalObjectReference contains enough information
|
|
to let you locate the referenced object inside the same namespace.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
importProxy:
|
|
description: ImportProxy contains importer pod proxy configuration.
|
|
properties:
|
|
HTTPProxy:
|
|
description: HTTPProxy is the URL http://<username>:<pswd>@<ip>:<port>
|
|
of the import proxy for HTTP requests. Empty means unset
|
|
and will not result in the import pod env var.
|
|
type: string
|
|
HTTPSProxy:
|
|
description: HTTPSProxy is the URL https://<username>:<pswd>@<ip>:<port>
|
|
of the import proxy for HTTPS requests. Empty means unset
|
|
and will not result in the import pod env var.
|
|
type: string
|
|
noProxy:
|
|
description: NoProxy is a comma-separated list of hostnames
|
|
and/or CIDRs for which the proxy should not be used. Empty
|
|
means unset and will not result in the import pod env var.
|
|
type: string
|
|
trustedCAProxy:
|
|
description: "TrustedCAProxy is the name of a ConfigMap in
|
|
the cdi namespace that contains a user-provided trusted
|
|
certificate authority (CA) bundle. The TrustedCAProxy ConfigMap
|
|
is consumed by the DataImportCron controller for creating
|
|
cronjobs, and by the import controller referring a copy
|
|
of the ConfigMap in the import namespace. Here is an example
|
|
of the ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap
|
|
metadata: name: my-ca-proxy-cm namespace: cdi data: ca.pem:
|
|
| -----BEGIN CERTIFICATE----- ... <base64 encoded cert>
|
|
... -----END CERTIFICATE-----"
|
|
type: string
|
|
type: object
|
|
insecureRegistries:
|
|
description: InsecureRegistries is a list of TLS disabled registries
|
|
items:
|
|
type: string
|
|
type: array
|
|
logVerbosity:
|
|
description: LogVerbosity overrides the default verbosity level
|
|
used to initialize loggers
|
|
format: int32
|
|
type: integer
|
|
podResourceRequirements:
|
|
description: ResourceRequirements describes the compute resource
|
|
requirements.
|
|
properties:
|
|
claims:
|
|
description: "Claims lists the names of resources, defined
|
|
in spec.resourceClaims, that are used by this container.
|
|
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
|
feature gate. \n This field is immutable. It can only be
|
|
set for containers."
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: Name must match the name of one entry in
|
|
pod.spec.resourceClaims of the Pod where this field
|
|
is used. It makes that resource available inside a
|
|
container.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Limits describes the maximum amount of compute
|
|
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Requests describes the minimum amount of compute
|
|
resources required. If Requests is omitted for a container,
|
|
it defaults to Limits if that is explicitly specified, otherwise
|
|
to an implementation-defined value. Requests cannot exceed
|
|
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
type: object
|
|
type: object
|
|
preallocation:
|
|
description: Preallocation controls whether storage for DataVolumes
|
|
should be allocated in advance.
|
|
type: boolean
|
|
scratchSpaceStorageClass:
|
|
description: 'Override the storage class to used for scratch space
|
|
during transfer operations. The scratch space storage class
|
|
is determined in the following order: 1. value of scratchSpaceStorageClass,
|
|
if that doesn''t exist, use the default storage class, if there
|
|
is no default storage class, use the storage class of the DataVolume,
|
|
if no storage class specified, use no storage class for scratch
|
|
space'
|
|
type: string
|
|
tlsSecurityProfile:
|
|
description: TLSSecurityProfile is used by operators to apply
|
|
cluster-wide TLS security settings to operands.
|
|
properties:
|
|
custom:
|
|
description: "custom is a user-defined TLS security profile.
|
|
Be extremely careful using a custom profile as invalid configurations
|
|
can be catastrophic. An example custom profile looks like
|
|
this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
|
|
- ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256
|
|
minTLSVersion: TLSv1.1"
|
|
nullable: true
|
|
properties:
|
|
ciphers:
|
|
description: "ciphers is used to specify the cipher algorithms
|
|
that are negotiated during the TLS handshake. Operators
|
|
may remove entries their operands do not support. For
|
|
example, to use DES-CBC3-SHA (yaml): \n ciphers: -
|
|
DES-CBC3-SHA"
|
|
items:
|
|
type: string
|
|
type: array
|
|
minTLSVersion:
|
|
description: "minTLSVersion is used to specify the minimal
|
|
version of the TLS protocol that is negotiated during
|
|
the TLS handshake. For example, to use TLS versions
|
|
1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n
|
|
NOTE: currently the highest minTLSVersion allowed is
|
|
VersionTLS12"
|
|
enum:
|
|
- VersionTLS10
|
|
- VersionTLS11
|
|
- VersionTLS12
|
|
- VersionTLS13
|
|
type: string
|
|
type: object
|
|
intermediate:
|
|
description: "intermediate is a TLS security profile based
|
|
on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
|
|
\n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
|
|
- ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
|
|
- ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384
|
|
- ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
|
|
- DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384
|
|
minTLSVersion: TLSv1.2"
|
|
nullable: true
|
|
type: object
|
|
modern:
|
|
description: "modern is a TLS security profile based on: \n
|
|
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
|
|
\n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
|
|
minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported."
|
|
nullable: true
|
|
type: object
|
|
old:
|
|
description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
|
|
\n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
|
|
- ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
|
|
- ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384
|
|
- ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
|
|
- DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384
|
|
- DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256
|
|
- ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA
|
|
- ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 -
|
|
ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256
|
|
- DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384
|
|
- AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA
|
|
- DES-CBC3-SHA minTLSVersion: TLSv1.0"
|
|
nullable: true
|
|
type: object
|
|
type:
|
|
description: "type is one of Old, Intermediate, Modern or
|
|
Custom. Custom provides the ability to specify individual
|
|
TLS security profile parameters. Old, Intermediate and Modern
|
|
are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
|
|
\n The profiles are intent based, so they may change over
|
|
time as new ciphers are developed and existing ciphers are
|
|
found to be insecure. Depending on precisely which ciphers
|
|
are available to a process, the list may be reduced. \n
|
|
Note that the Modern profile is currently not supported
|
|
because it is not yet well adopted by common software libraries."
|
|
enum:
|
|
- Old
|
|
- Intermediate
|
|
- Modern
|
|
- Custom
|
|
type: string
|
|
type: object
|
|
uploadProxyURLOverride:
|
|
description: Override the URL used when uploading to a DataVolume
|
|
type: string
|
|
type: object
|
|
customizeComponents:
|
|
description: CustomizeComponents defines patches for components deployed
|
|
by the CDI operator.
|
|
properties:
|
|
flags:
|
|
description: Configure the value used for deployment and daemonset
|
|
resources
|
|
properties:
|
|
api:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
controller:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
uploadProxy:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
patches:
|
|
items:
|
|
description: CustomizeComponentsPatch defines a patch for some
|
|
resource.
|
|
properties:
|
|
patch:
|
|
type: string
|
|
resourceName:
|
|
minLength: 1
|
|
type: string
|
|
resourceType:
|
|
minLength: 1
|
|
type: string
|
|
type:
|
|
description: PatchType defines the patch type.
|
|
type: string
|
|
required:
|
|
- patch
|
|
- resourceName
|
|
- resourceType
|
|
- type
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
imagePullPolicy:
|
|
description: PullPolicy describes a policy for if/when to pull a container
|
|
image
|
|
enum:
|
|
- Always
|
|
- IfNotPresent
|
|
- Never
|
|
type: string
|
|
infra:
|
|
description: Selectors and tolerations that should apply to cdi infrastructure
|
|
components
|
|
properties:
|
|
affinity:
|
|
description: affinity enables pod affinity/anti-affinity placement
|
|
expanding the types of constraints that can be expressed with
|
|
nodeSelector. affinity is going to be applied to the relevant
|
|
kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for
|
|
the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node matches the corresponding matchExpressions;
|
|
the node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: An empty preferred scheduling term matches
|
|
all objects with implicit weight 0 (i.e. it's a no-op).
|
|
A null preferred scheduling term matches no objects
|
|
(i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with
|
|
the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the
|
|
corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from
|
|
its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms.
|
|
The terms are ORed.
|
|
items:
|
|
description: A null or empty node selector term
|
|
matches no objects. The requirements of them are
|
|
ANDed. The TopologySelectorTerm type implements
|
|
a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g.
|
|
co-locate this pod in the same node, zone, etc. as some
|
|
other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to a pod label update),
|
|
the system may or may not try to eventually evict the
|
|
pod from its node. When there are multiple elements,
|
|
the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules
|
|
(e.g. avoid putting this pod in the same node, zone, etc.
|
|
as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the anti-affinity expressions
|
|
specified by this field, but it may choose a node that
|
|
violates one or more of the expressions. The node that
|
|
is most preferred is the one with the greatest sum of
|
|
weights, i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
anti-affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the anti-affinity requirements specified
|
|
by this field are not met at scheduling time, the pod
|
|
will not be scheduled onto the node. If the anti-affinity
|
|
requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod
|
|
label update), the system may or may not try to eventually
|
|
evict the pod from its node. When there are multiple
|
|
elements, the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
apiServerReplicas:
|
|
description: ApiserverReplicas set Replicas for cdi-apiserver
|
|
format: int32
|
|
type: integer
|
|
deploymentReplicas:
|
|
description: DeploymentReplicas set Replicas for cdi-deployment
|
|
format: int32
|
|
type: integer
|
|
nodeSelector:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'nodeSelector is the node selector applied to the
|
|
relevant kind of pods It specifies a map of key-value pairs:
|
|
for the pod to be eligible to run on a node, the node must have
|
|
each of the indicated key-value pairs as labels (it can have
|
|
additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
|
|
type: object
|
|
tolerations:
|
|
description: tolerations is a list of tolerations applied to the
|
|
relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
for more info. These are additional tolerations other than default
|
|
ones.
|
|
items:
|
|
description: The pod this Toleration is attached to tolerates
|
|
any taint that matches the triple <key,value,effect> using
|
|
the matching operator <operator>.
|
|
properties:
|
|
effect:
|
|
description: Effect indicates the taint effect to match.
|
|
Empty means match all taint effects. When specified, allowed
|
|
values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
type: string
|
|
key:
|
|
description: Key is the taint key that the toleration applies
|
|
to. Empty means match all taint keys. If the key is empty,
|
|
operator must be Exists; this combination means to match
|
|
all values and all keys.
|
|
type: string
|
|
operator:
|
|
description: Operator represents a key's relationship to
|
|
the value. Valid operators are Exists and Equal. Defaults
|
|
to Equal. Exists is equivalent to wildcard for value,
|
|
so that a pod can tolerate all taints of a particular
|
|
category.
|
|
type: string
|
|
tolerationSeconds:
|
|
description: TolerationSeconds represents the period of
|
|
time the toleration (which must be of effect NoExecute,
|
|
otherwise this field is ignored) tolerates the taint.
|
|
By default, it is not set, which means tolerate the taint
|
|
forever (do not evict). Zero and negative values will
|
|
be treated as 0 (evict immediately) by the system.
|
|
format: int64
|
|
type: integer
|
|
value:
|
|
description: Value is the taint value the toleration matches
|
|
to. If the operator is Exists, the value should be empty,
|
|
otherwise just a regular string.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
uploadProxyReplicas:
|
|
description: UploadproxyReplicas set Replicas for cdi-uploadproxy
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
priorityClass:
|
|
description: PriorityClass of the CDI control plane
|
|
type: string
|
|
uninstallStrategy:
|
|
description: CDIUninstallStrategy defines the state to leave CDI on
|
|
uninstall
|
|
enum:
|
|
- RemoveWorkloads
|
|
- BlockUninstallIfWorkloadsExist
|
|
type: string
|
|
workload:
|
|
description: Restrict on which nodes CDI workload pods will be scheduled
|
|
properties:
|
|
affinity:
|
|
description: affinity enables pod affinity/anti-affinity placement
|
|
expanding the types of constraints that can be expressed with
|
|
nodeSelector. affinity is going to be applied to the relevant
|
|
kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for
|
|
the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node matches the corresponding matchExpressions;
|
|
the node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: An empty preferred scheduling term matches
|
|
all objects with implicit weight 0 (i.e. it's a no-op).
|
|
A null preferred scheduling term matches no objects
|
|
(i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with
|
|
the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the
|
|
corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from
|
|
its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms.
|
|
The terms are ORed.
|
|
items:
|
|
description: A null or empty node selector term
|
|
matches no objects. The requirements of them are
|
|
ANDed. The TopologySelectorTerm type implements
|
|
a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g.
|
|
co-locate this pod in the same node, zone, etc. as some
|
|
other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to a pod label update),
|
|
the system may or may not try to eventually evict the
|
|
pod from its node. When there are multiple elements,
|
|
the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules
|
|
(e.g. avoid putting this pod in the same node, zone, etc.
|
|
as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the anti-affinity expressions
|
|
specified by this field, but it may choose a node that
|
|
violates one or more of the expressions. The node that
|
|
is most preferred is the one with the greatest sum of
|
|
weights, i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
anti-affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the anti-affinity requirements specified
|
|
by this field are not met at scheduling time, the pod
|
|
will not be scheduled onto the node. If the anti-affinity
|
|
requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod
|
|
label update), the system may or may not try to eventually
|
|
evict the pod from its node. When there are multiple
|
|
elements, the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
nodeSelector:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'nodeSelector is the node selector applied to the
|
|
relevant kind of pods It specifies a map of key-value pairs:
|
|
for the pod to be eligible to run on a node, the node must have
|
|
each of the indicated key-value pairs as labels (it can have
|
|
additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
|
|
type: object
|
|
tolerations:
|
|
description: tolerations is a list of tolerations applied to the
|
|
relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
for more info. These are additional tolerations other than default
|
|
ones.
|
|
items:
|
|
description: The pod this Toleration is attached to tolerates
|
|
any taint that matches the triple <key,value,effect> using
|
|
the matching operator <operator>.
|
|
properties:
|
|
effect:
|
|
description: Effect indicates the taint effect to match.
|
|
Empty means match all taint effects. When specified, allowed
|
|
values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
type: string
|
|
key:
|
|
description: Key is the taint key that the toleration applies
|
|
to. Empty means match all taint keys. If the key is empty,
|
|
operator must be Exists; this combination means to match
|
|
all values and all keys.
|
|
type: string
|
|
operator:
|
|
description: Operator represents a key's relationship to
|
|
the value. Valid operators are Exists and Equal. Defaults
|
|
to Equal. Exists is equivalent to wildcard for value,
|
|
so that a pod can tolerate all taints of a particular
|
|
category.
|
|
type: string
|
|
tolerationSeconds:
|
|
description: TolerationSeconds represents the period of
|
|
time the toleration (which must be of effect NoExecute,
|
|
otherwise this field is ignored) tolerates the taint.
|
|
By default, it is not set, which means tolerate the taint
|
|
forever (do not evict). Zero and negative values will
|
|
be treated as 0 (evict immediately) by the system.
|
|
format: int64
|
|
type: integer
|
|
value:
|
|
description: Value is the taint value the toleration matches
|
|
to. If the operator is Exists, the value should be empty,
|
|
otherwise just a regular string.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: CDIStatus defines the status of the installation
|
|
properties:
|
|
conditions:
|
|
description: A list of current conditions of the resource
|
|
items:
|
|
description: Condition represents the state of the operator's reconciliation
|
|
functionality.
|
|
properties:
|
|
lastHeartbeatTime:
|
|
format: date-time
|
|
type: string
|
|
lastTransitionTime:
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
type: string
|
|
reason:
|
|
type: string
|
|
status:
|
|
type: string
|
|
type:
|
|
description: ConditionType is the state of the operator's reconciliation
|
|
functionality.
|
|
type: string
|
|
required:
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
observedVersion:
|
|
description: The observed version of the resource
|
|
type: string
|
|
operatorVersion:
|
|
description: The version of the resource as defined by the operator
|
|
type: string
|
|
phase:
|
|
description: Phase is the current phase of the deployment
|
|
type: string
|
|
targetVersion:
|
|
description: The desired version of the resource
|
|
type: string
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.phase
|
|
name: Phase
|
|
type: string
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: CDI is the CDI Operator CRD
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: CDISpec defines our specification for the CDI installation
|
|
properties:
|
|
certConfig:
|
|
description: certificate configuration
|
|
properties:
|
|
ca:
|
|
description: CA configuration CA certs are kept in the CA bundle
|
|
as long as they are valid
|
|
properties:
|
|
duration:
|
|
description: The requested 'duration' (i.e. lifetime) of the
|
|
Certificate.
|
|
type: string
|
|
renewBefore:
|
|
description: The amount of time before the currently issued
|
|
certificate's `notAfter` time that we will begin to attempt
|
|
to renew the certificate.
|
|
type: string
|
|
type: object
|
|
server:
|
|
description: Server configuration Certs are rotated and discarded
|
|
properties:
|
|
duration:
|
|
description: The requested 'duration' (i.e. lifetime) of the
|
|
Certificate.
|
|
type: string
|
|
renewBefore:
|
|
description: The amount of time before the currently issued
|
|
certificate's `notAfter` time that we will begin to attempt
|
|
to renew the certificate.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
cloneStrategyOverride:
|
|
description: 'Clone strategy override: should we use a host-assisted
|
|
copy even if snapshots are available?'
|
|
enum:
|
|
- copy
|
|
- snapshot
|
|
- csi-clone
|
|
type: string
|
|
config:
|
|
description: CDIConfig at CDI level
|
|
properties:
|
|
dataVolumeTTLSeconds:
|
|
description: DataVolumeTTLSeconds is the time in seconds after
|
|
DataVolume completion it can be garbage collected. Disabled
|
|
by default.
|
|
format: int32
|
|
type: integer
|
|
featureGates:
|
|
description: FeatureGates are a list of specific enabled feature
|
|
gates
|
|
items:
|
|
type: string
|
|
type: array
|
|
filesystemOverhead:
|
|
description: FilesystemOverhead describes the space reserved for
|
|
overhead when using Filesystem volumes. A value is between 0
|
|
and 1, if not defined it is 0.055 (5.5% overhead)
|
|
properties:
|
|
global:
|
|
description: Global is how much space of a Filesystem volume
|
|
should be reserved for overhead. This value is used unless
|
|
overridden by a more specific value (per storageClass)
|
|
pattern: ^(0(?:\.\d{1,3})?|1)$
|
|
type: string
|
|
storageClass:
|
|
additionalProperties:
|
|
description: 'Percent is a string that can only be a value
|
|
between [0,1) (Note: we actually rely on reconcile to
|
|
reject invalid values)'
|
|
pattern: ^(0(?:\.\d{1,3})?|1)$
|
|
type: string
|
|
description: StorageClass specifies how much space of a Filesystem
|
|
volume should be reserved for safety. The keys are the storageClass
|
|
and the values are the overhead. This value overrides the
|
|
global value
|
|
type: object
|
|
type: object
|
|
imagePullSecrets:
|
|
description: The imagePullSecrets used to pull the container images
|
|
items:
|
|
description: LocalObjectReference contains enough information
|
|
to let you locate the referenced object inside the same namespace.
|
|
properties:
|
|
name:
|
|
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
type: string
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
importProxy:
|
|
description: ImportProxy contains importer pod proxy configuration.
|
|
properties:
|
|
HTTPProxy:
|
|
description: HTTPProxy is the URL http://<username>:<pswd>@<ip>:<port>
|
|
of the import proxy for HTTP requests. Empty means unset
|
|
and will not result in the import pod env var.
|
|
type: string
|
|
HTTPSProxy:
|
|
description: HTTPSProxy is the URL https://<username>:<pswd>@<ip>:<port>
|
|
of the import proxy for HTTPS requests. Empty means unset
|
|
and will not result in the import pod env var.
|
|
type: string
|
|
noProxy:
|
|
description: NoProxy is a comma-separated list of hostnames
|
|
and/or CIDRs for which the proxy should not be used. Empty
|
|
means unset and will not result in the import pod env var.
|
|
type: string
|
|
trustedCAProxy:
|
|
description: "TrustedCAProxy is the name of a ConfigMap in
|
|
the cdi namespace that contains a user-provided trusted
|
|
certificate authority (CA) bundle. The TrustedCAProxy ConfigMap
|
|
is consumed by the DataImportCron controller for creating
|
|
cronjobs, and by the import controller referring a copy
|
|
of the ConfigMap in the import namespace. Here is an example
|
|
of the ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap
|
|
metadata: name: my-ca-proxy-cm namespace: cdi data: ca.pem:
|
|
| -----BEGIN CERTIFICATE----- ... <base64 encoded cert>
|
|
... -----END CERTIFICATE-----"
|
|
type: string
|
|
type: object
|
|
insecureRegistries:
|
|
description: InsecureRegistries is a list of TLS disabled registries
|
|
items:
|
|
type: string
|
|
type: array
|
|
logVerbosity:
|
|
description: LogVerbosity overrides the default verbosity level
|
|
used to initialize loggers
|
|
format: int32
|
|
type: integer
|
|
podResourceRequirements:
|
|
description: ResourceRequirements describes the compute resource
|
|
requirements.
|
|
properties:
|
|
claims:
|
|
description: "Claims lists the names of resources, defined
|
|
in spec.resourceClaims, that are used by this container.
|
|
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
|
feature gate. \n This field is immutable. It can only be
|
|
set for containers."
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: Name must match the name of one entry in
|
|
pod.spec.resourceClaims of the Pod where this field
|
|
is used. It makes that resource available inside a
|
|
container.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Limits describes the maximum amount of compute
|
|
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: 'Requests describes the minimum amount of compute
|
|
resources required. If Requests is omitted for a container,
|
|
it defaults to Limits if that is explicitly specified, otherwise
|
|
to an implementation-defined value. Requests cannot exceed
|
|
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
type: object
|
|
type: object
|
|
preallocation:
|
|
description: Preallocation controls whether storage for DataVolumes
|
|
should be allocated in advance.
|
|
type: boolean
|
|
scratchSpaceStorageClass:
|
|
description: 'Override the storage class to used for scratch space
|
|
during transfer operations. The scratch space storage class
|
|
is determined in the following order: 1. value of scratchSpaceStorageClass,
|
|
if that doesn''t exist, use the default storage class, if there
|
|
is no default storage class, use the storage class of the DataVolume,
|
|
if no storage class specified, use no storage class for scratch
|
|
space'
|
|
type: string
|
|
tlsSecurityProfile:
|
|
description: TLSSecurityProfile is used by operators to apply
|
|
cluster-wide TLS security settings to operands.
|
|
properties:
|
|
custom:
|
|
description: "custom is a user-defined TLS security profile.
|
|
Be extremely careful using a custom profile as invalid configurations
|
|
can be catastrophic. An example custom profile looks like
|
|
this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
|
|
- ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256
|
|
minTLSVersion: TLSv1.1"
|
|
nullable: true
|
|
properties:
|
|
ciphers:
|
|
description: "ciphers is used to specify the cipher algorithms
|
|
that are negotiated during the TLS handshake. Operators
|
|
may remove entries their operands do not support. For
|
|
example, to use DES-CBC3-SHA (yaml): \n ciphers: -
|
|
DES-CBC3-SHA"
|
|
items:
|
|
type: string
|
|
type: array
|
|
minTLSVersion:
|
|
description: "minTLSVersion is used to specify the minimal
|
|
version of the TLS protocol that is negotiated during
|
|
the TLS handshake. For example, to use TLS versions
|
|
1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n
|
|
NOTE: currently the highest minTLSVersion allowed is
|
|
VersionTLS12"
|
|
enum:
|
|
- VersionTLS10
|
|
- VersionTLS11
|
|
- VersionTLS12
|
|
- VersionTLS13
|
|
type: string
|
|
type: object
|
|
intermediate:
|
|
description: "intermediate is a TLS security profile based
|
|
on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
|
|
\n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
|
|
- ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
|
|
- ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384
|
|
- ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
|
|
- DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384
|
|
minTLSVersion: TLSv1.2"
|
|
nullable: true
|
|
type: object
|
|
modern:
|
|
description: "modern is a TLS security profile based on: \n
|
|
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
|
|
\n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
|
|
minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported."
|
|
nullable: true
|
|
type: object
|
|
old:
|
|
description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
|
|
\n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
|
|
- ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
|
|
- ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384
|
|
- ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
|
|
- DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384
|
|
- DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256
|
|
- ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA
|
|
- ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 -
|
|
ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256
|
|
- DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384
|
|
- AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA
|
|
- DES-CBC3-SHA minTLSVersion: TLSv1.0"
|
|
nullable: true
|
|
type: object
|
|
type:
|
|
description: "type is one of Old, Intermediate, Modern or
|
|
Custom. Custom provides the ability to specify individual
|
|
TLS security profile parameters. Old, Intermediate and Modern
|
|
are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
|
|
\n The profiles are intent based, so they may change over
|
|
time as new ciphers are developed and existing ciphers are
|
|
found to be insecure. Depending on precisely which ciphers
|
|
are available to a process, the list may be reduced. \n
|
|
Note that the Modern profile is currently not supported
|
|
because it is not yet well adopted by common software libraries."
|
|
enum:
|
|
- Old
|
|
- Intermediate
|
|
- Modern
|
|
- Custom
|
|
type: string
|
|
type: object
|
|
uploadProxyURLOverride:
|
|
description: Override the URL used when uploading to a DataVolume
|
|
type: string
|
|
type: object
|
|
customizeComponents:
|
|
description: CustomizeComponents defines patches for components deployed
|
|
by the CDI operator.
|
|
properties:
|
|
flags:
|
|
description: Configure the value used for deployment and daemonset
|
|
resources
|
|
properties:
|
|
api:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
controller:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
uploadProxy:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
patches:
|
|
items:
|
|
description: CustomizeComponentsPatch defines a patch for some
|
|
resource.
|
|
properties:
|
|
patch:
|
|
type: string
|
|
resourceName:
|
|
minLength: 1
|
|
type: string
|
|
resourceType:
|
|
minLength: 1
|
|
type: string
|
|
type:
|
|
description: PatchType defines the patch type.
|
|
type: string
|
|
required:
|
|
- patch
|
|
- resourceName
|
|
- resourceType
|
|
- type
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
imagePullPolicy:
|
|
description: PullPolicy describes a policy for if/when to pull a container
|
|
image
|
|
enum:
|
|
- Always
|
|
- IfNotPresent
|
|
- Never
|
|
type: string
|
|
infra:
|
|
description: Selectors and tolerations that should apply to cdi infrastructure
|
|
components
|
|
properties:
|
|
affinity:
|
|
description: affinity enables pod affinity/anti-affinity placement
|
|
expanding the types of constraints that can be expressed with
|
|
nodeSelector. affinity is going to be applied to the relevant
|
|
kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for
|
|
the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node matches the corresponding matchExpressions;
|
|
the node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: An empty preferred scheduling term matches
|
|
all objects with implicit weight 0 (i.e. it's a no-op).
|
|
A null preferred scheduling term matches no objects
|
|
(i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with
|
|
the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the
|
|
corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from
|
|
its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms.
|
|
The terms are ORed.
|
|
items:
|
|
description: A null or empty node selector term
|
|
matches no objects. The requirements of them are
|
|
ANDed. The TopologySelectorTerm type implements
|
|
a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g.
|
|
co-locate this pod in the same node, zone, etc. as some
|
|
other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to a pod label update),
|
|
the system may or may not try to eventually evict the
|
|
pod from its node. When there are multiple elements,
|
|
the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules
|
|
(e.g. avoid putting this pod in the same node, zone, etc.
|
|
as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the anti-affinity expressions
|
|
specified by this field, but it may choose a node that
|
|
violates one or more of the expressions. The node that
|
|
is most preferred is the one with the greatest sum of
|
|
weights, i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
anti-affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the anti-affinity requirements specified
|
|
by this field are not met at scheduling time, the pod
|
|
will not be scheduled onto the node. If the anti-affinity
|
|
requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod
|
|
label update), the system may or may not try to eventually
|
|
evict the pod from its node. When there are multiple
|
|
elements, the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
apiServerReplicas:
|
|
description: ApiserverReplicas set Replicas for cdi-apiserver
|
|
format: int32
|
|
type: integer
|
|
deploymentReplicas:
|
|
description: DeploymentReplicas set Replicas for cdi-deployment
|
|
format: int32
|
|
type: integer
|
|
nodeSelector:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'nodeSelector is the node selector applied to the
|
|
relevant kind of pods It specifies a map of key-value pairs:
|
|
for the pod to be eligible to run on a node, the node must have
|
|
each of the indicated key-value pairs as labels (it can have
|
|
additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
|
|
type: object
|
|
tolerations:
|
|
description: tolerations is a list of tolerations applied to the
|
|
relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
for more info. These are additional tolerations other than default
|
|
ones.
|
|
items:
|
|
description: The pod this Toleration is attached to tolerates
|
|
any taint that matches the triple <key,value,effect> using
|
|
the matching operator <operator>.
|
|
properties:
|
|
effect:
|
|
description: Effect indicates the taint effect to match.
|
|
Empty means match all taint effects. When specified, allowed
|
|
values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
type: string
|
|
key:
|
|
description: Key is the taint key that the toleration applies
|
|
to. Empty means match all taint keys. If the key is empty,
|
|
operator must be Exists; this combination means to match
|
|
all values and all keys.
|
|
type: string
|
|
operator:
|
|
description: Operator represents a key's relationship to
|
|
the value. Valid operators are Exists and Equal. Defaults
|
|
to Equal. Exists is equivalent to wildcard for value,
|
|
so that a pod can tolerate all taints of a particular
|
|
category.
|
|
type: string
|
|
tolerationSeconds:
|
|
description: TolerationSeconds represents the period of
|
|
time the toleration (which must be of effect NoExecute,
|
|
otherwise this field is ignored) tolerates the taint.
|
|
By default, it is not set, which means tolerate the taint
|
|
forever (do not evict). Zero and negative values will
|
|
be treated as 0 (evict immediately) by the system.
|
|
format: int64
|
|
type: integer
|
|
value:
|
|
description: Value is the taint value the toleration matches
|
|
to. If the operator is Exists, the value should be empty,
|
|
otherwise just a regular string.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
uploadProxyReplicas:
|
|
description: UploadproxyReplicas set Replicas for cdi-uploadproxy
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
priorityClass:
|
|
description: PriorityClass of the CDI control plane
|
|
type: string
|
|
uninstallStrategy:
|
|
description: CDIUninstallStrategy defines the state to leave CDI on
|
|
uninstall
|
|
enum:
|
|
- RemoveWorkloads
|
|
- BlockUninstallIfWorkloadsExist
|
|
type: string
|
|
workload:
|
|
description: Restrict on which nodes CDI workload pods will be scheduled
|
|
properties:
|
|
affinity:
|
|
description: affinity enables pod affinity/anti-affinity placement
|
|
expanding the types of constraints that can be expressed with
|
|
nodeSelector. affinity is going to be applied to the relevant
|
|
kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for
|
|
the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node matches the corresponding matchExpressions;
|
|
the node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: An empty preferred scheduling term matches
|
|
all objects with implicit weight 0 (i.e. it's a no-op).
|
|
A null preferred scheduling term matches no objects
|
|
(i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with
|
|
the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the
|
|
corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from
|
|
its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms.
|
|
The terms are ORed.
|
|
items:
|
|
description: A null or empty node selector term
|
|
matches no objects. The requirements of them are
|
|
ANDed. The TopologySelectorTerm type implements
|
|
a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements
|
|
by node's labels.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchFields:
|
|
description: A list of node selector requirements
|
|
by node's fields.
|
|
items:
|
|
description: A node selector requirement is
|
|
a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship
|
|
to a set of values. Valid operators
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values.
|
|
If the operator is In or NotIn, the
|
|
values array must be non-empty. If the
|
|
operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the
|
|
operator is Gt or Lt, the values array
|
|
must have a single element, which will
|
|
be interpreted as an integer. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g.
|
|
co-locate this pod in the same node, zone, etc. as some
|
|
other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the affinity expressions specified
|
|
by this field, but it may choose a node that violates
|
|
one or more of the expressions. The node that is most
|
|
preferred is the one with the greatest sum of weights,
|
|
i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the affinity requirements specified by
|
|
this field are not met at scheduling time, the pod will
|
|
not be scheduled onto the node. If the affinity requirements
|
|
specified by this field cease to be met at some point
|
|
during pod execution (e.g. due to a pod label update),
|
|
the system may or may not try to eventually evict the
|
|
pod from its node. When there are multiple elements,
|
|
the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules
|
|
(e.g. avoid putting this pod in the same node, zone, etc.
|
|
as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: The scheduler will prefer to schedule pods
|
|
to nodes that satisfy the anti-affinity expressions
|
|
specified by this field, but it may choose a node that
|
|
violates one or more of the expressions. The node that
|
|
is most preferred is the one with the greatest sum of
|
|
weights, i.e. for each node that meets all of the scheduling
|
|
requirements (resource request, requiredDuringScheduling
|
|
anti-affinity expressions, etc.), compute a sum by iterating
|
|
through the elements of this field and adding "weight"
|
|
to the sum if the node has pods which matches the corresponding
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
|
fields are added per-node to find the most preferred
|
|
node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated
|
|
with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by
|
|
this field and the ones listed in the namespaces
|
|
field. null selector and null or empty namespaces
|
|
list means "this pod's namespace". An empty
|
|
selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list
|
|
of label selector requirements. The requirements
|
|
are ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values,
|
|
a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key
|
|
that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a
|
|
key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists
|
|
and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of
|
|
string values. If the operator is
|
|
In or NotIn, the values array must
|
|
be non-empty. If the operator is
|
|
Exists or DoesNotExist, the values
|
|
array must be empty. This array
|
|
is replaced during a strategic merge
|
|
patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator
|
|
is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces
|
|
listed in this field and the ones selected
|
|
by namespaceSelector. null or empty namespaces
|
|
list and null namespaceSelector means "this
|
|
pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the
|
|
pods matching the labelSelector in the specified
|
|
namespaces, where co-located is defined as
|
|
running on a node whose value of the label
|
|
with key topologyKey matches that of any node
|
|
on which any of the selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: weight associated with matching the
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: If the anti-affinity requirements specified
|
|
by this field are not met at scheduling time, the pod
|
|
will not be scheduled onto the node. If the anti-affinity
|
|
requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod
|
|
label update), the system may or may not try to eventually
|
|
evict the pod from its node. When there are multiple
|
|
elements, the lists of nodes corresponding to each podAffinityTerm
|
|
are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: Defines a set of pods (namely those matching
|
|
the labelSelector relative to the given namespace(s))
|
|
that this pod should be co-located (affinity) or not
|
|
co-located (anti-affinity) with, where co-located
|
|
is defined as running on a node whose value of the
|
|
label with key <topologyKey> matches that of any node
|
|
on which a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: A label query over a set of resources,
|
|
in this case pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaceSelector:
|
|
description: A label query over the set of namespaces
|
|
that the term applies to. The term is applied
|
|
to the union of the namespaces selected by this
|
|
field and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list
|
|
means "this pod's namespace". An empty selector
|
|
({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label
|
|
selector requirements. The requirements are
|
|
ANDed.
|
|
items:
|
|
description: A label selector requirement
|
|
is a selector that contains values, a key,
|
|
and an operator that relates the key and
|
|
values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that
|
|
the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's
|
|
relationship to a set of values. Valid
|
|
operators are In, NotIn, Exists and
|
|
DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string
|
|
values. If the operator is In or NotIn,
|
|
the values array must be non-empty.
|
|
If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This
|
|
array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value}
|
|
pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions,
|
|
whose key field is "key", the operator is
|
|
"In", and the values array contains only "value".
|
|
The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: namespaces specifies a static list
|
|
of namespace names that the term applies to. The
|
|
term is applied to the union of the namespaces
|
|
listed in this field and the ones selected by
|
|
namespaceSelector. null or empty namespaces list
|
|
and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
topologyKey:
|
|
description: This pod should be co-located (affinity)
|
|
or not co-located (anti-affinity) with the pods
|
|
matching the labelSelector in the specified namespaces,
|
|
where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey
|
|
matches that of any node on which any of the selected
|
|
pods is running. Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
nodeSelector:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'nodeSelector is the node selector applied to the
|
|
relevant kind of pods It specifies a map of key-value pairs:
|
|
for the pod to be eligible to run on a node, the node must have
|
|
each of the indicated key-value pairs as labels (it can have
|
|
additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
|
|
type: object
|
|
tolerations:
|
|
description: tolerations is a list of tolerations applied to the
|
|
relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
for more info. These are additional tolerations other than default
|
|
ones.
|
|
items:
|
|
description: The pod this Toleration is attached to tolerates
|
|
any taint that matches the triple <key,value,effect> using
|
|
the matching operator <operator>.
|
|
properties:
|
|
effect:
|
|
description: Effect indicates the taint effect to match.
|
|
Empty means match all taint effects. When specified, allowed
|
|
values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
type: string
|
|
key:
|
|
description: Key is the taint key that the toleration applies
|
|
to. Empty means match all taint keys. If the key is empty,
|
|
operator must be Exists; this combination means to match
|
|
all values and all keys.
|
|
type: string
|
|
operator:
|
|
description: Operator represents a key's relationship to
|
|
the value. Valid operators are Exists and Equal. Defaults
|
|
to Equal. Exists is equivalent to wildcard for value,
|
|
so that a pod can tolerate all taints of a particular
|
|
category.
|
|
type: string
|
|
tolerationSeconds:
|
|
description: TolerationSeconds represents the period of
|
|
time the toleration (which must be of effect NoExecute,
|
|
otherwise this field is ignored) tolerates the taint.
|
|
By default, it is not set, which means tolerate the taint
|
|
forever (do not evict). Zero and negative values will
|
|
be treated as 0 (evict immediately) by the system.
|
|
format: int64
|
|
type: integer
|
|
value:
|
|
description: Value is the taint value the toleration matches
|
|
to. If the operator is Exists, the value should be empty,
|
|
otherwise just a regular string.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: CDIStatus defines the status of the installation
|
|
properties:
|
|
conditions:
|
|
description: A list of current conditions of the resource
|
|
items:
|
|
description: Condition represents the state of the operator's reconciliation
|
|
functionality.
|
|
properties:
|
|
lastHeartbeatTime:
|
|
format: date-time
|
|
type: string
|
|
lastTransitionTime:
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
type: string
|
|
reason:
|
|
type: string
|
|
status:
|
|
type: string
|
|
type:
|
|
description: ConditionType is the state of the operator's reconciliation
|
|
functionality.
|
|
type: string
|
|
required:
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
observedVersion:
|
|
description: The observed version of the resource
|
|
type: string
|
|
operatorVersion:
|
|
description: The version of the resource as defined by the operator
|
|
type: string
|
|
phase:
|
|
description: Phase is the current phase of the deployment
|
|
type: string
|
|
targetVersion:
|
|
description: The desired version of the resource
|
|
type: string
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources: {}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
operator.cdi.kubevirt.io: ""
|
|
name: cdi-operator-cluster
|
|
rules:
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- clusterrolebindings
|
|
- clusterroles
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- security.openshift.io
|
|
resources:
|
|
- securitycontextconstraints
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- create
|
|
- apiGroups:
|
|
- apiextensions.k8s.io
|
|
resources:
|
|
- customresourcedefinitions
|
|
- customresourcedefinitions/status
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
- upload.cdi.kubevirt.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- admissionregistration.k8s.io
|
|
resources:
|
|
- validatingwebhookconfigurations
|
|
- mutatingwebhookconfigurations
|
|
verbs:
|
|
- create
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- admissionregistration.k8s.io
|
|
resourceNames:
|
|
- cdi-api-dataimportcron-validate
|
|
- cdi-api-populator-validate
|
|
- cdi-api-datavolume-validate
|
|
- cdi-api-validate
|
|
- objecttransfer-api-validate
|
|
resources:
|
|
- validatingwebhookconfigurations
|
|
verbs:
|
|
- get
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- admissionregistration.k8s.io
|
|
resourceNames:
|
|
- cdi-api-datavolume-mutate
|
|
- cdi-api-pvc-mutate
|
|
resources:
|
|
- mutatingwebhookconfigurations
|
|
verbs:
|
|
- get
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- apiregistration.k8s.io
|
|
resources:
|
|
- apiservices
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- authorization.k8s.io
|
|
resources:
|
|
- subjectaccessreviews
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- storage.k8s.io
|
|
resources:
|
|
- storageclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- snapshot.storage.k8s.io
|
|
resources:
|
|
- volumesnapshots
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- datavolumes
|
|
verbs:
|
|
- list
|
|
- get
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- datasources
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- volumeclonesources
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- storageprofiles
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- cdis
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- cdiconfigs
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- cdis/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- delete
|
|
- deletecollection
|
|
- patch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims/finalizers
|
|
- pods/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
- services
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- create
|
|
- apiGroups:
|
|
- storage.k8s.io
|
|
resources:
|
|
- storageclasses
|
|
- csidrivers
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- config.openshift.io
|
|
resources:
|
|
- proxies
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- config.openshift.io
|
|
resources:
|
|
- clusterversions
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- snapshot.storage.k8s.io
|
|
resources:
|
|
- volumesnapshots
|
|
- volumesnapshotclasses
|
|
- volumesnapshotcontents
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- delete
|
|
- apiGroups:
|
|
- snapshot.storage.k8s.io
|
|
resources:
|
|
- volumesnapshots
|
|
verbs:
|
|
- update
|
|
- deletecollection
|
|
- apiGroups:
|
|
- apiextensions.k8s.io
|
|
resources:
|
|
- customresourcedefinitions
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- scheduling.k8s.io
|
|
resources:
|
|
- priorityclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- image.openshift.io
|
|
resources:
|
|
- imagestreams
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- kubevirt.io
|
|
resources:
|
|
- virtualmachines/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- cdi.kubevirt.io
|
|
resources:
|
|
- dataimportcrons
|
|
verbs:
|
|
- get
|
|
- list
|
|
- update
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
operator.cdi.kubevirt.io: ""
|
|
name: cdi-operator
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: cdi-operator-cluster
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: cdi-operator
|
|
namespace: cdi
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
operator.cdi.kubevirt.io: ""
|
|
name: cdi-operator
|
|
namespace: cdi
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
labels:
|
|
app: containerized-data-importer
|
|
app.kubernetes.io/component: storage
|
|
app.kubernetes.io/managed-by: cdi-operator
|
|
cdi.kubevirt.io: ""
|
|
name: cdi-operator
|
|
namespace: cdi
|
|
rules:
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- rolebindings
|
|
- roles
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
- configmaps
|
|
- events
|
|
- secrets
|
|
- services
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- apps
|
|
resources:
|
|
- deployments
|
|
- deployments/finalizers
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- route.openshift.io
|
|
resources:
|
|
- routes
|
|
- routes/custom-host
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- apiGroups:
|
|
- config.openshift.io
|
|
resources:
|
|
- proxies
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- monitoring.coreos.com
|
|
resources:
|
|
- servicemonitors
|
|
- prometheusrules
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- delete
|
|
- update
|
|
- patch
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- create
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- cronjobs
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- deletecollection
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs
|
|
verbs:
|
|
- create
|
|
- deletecollection
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- create
|
|
- update
|
|
- apiGroups:
|
|
- networking.k8s.io
|
|
resources:
|
|
- ingresses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- route.openshift.io
|
|
resources:
|
|
- routes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
- endpoints
|
|
- pods
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
labels:
|
|
app: containerized-data-importer
|
|
app.kubernetes.io/component: storage
|
|
app.kubernetes.io/managed-by: cdi-operator
|
|
cdi.kubevirt.io: ""
|
|
name: cdi-operator
|
|
namespace: cdi
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: cdi-operator
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: cdi-operator
|
|
namespace: cdi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
cdi.kubevirt.io: cdi-operator
|
|
name: cdi-operator
|
|
operator.cdi.kubevirt.io: ""
|
|
prometheus.cdi.kubevirt.io: "true"
|
|
name: cdi-operator
|
|
namespace: cdi
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
name: cdi-operator
|
|
operator.cdi.kubevirt.io: ""
|
|
strategy: {}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
cdi.kubevirt.io: cdi-operator
|
|
name: cdi-operator
|
|
operator.cdi.kubevirt.io: ""
|
|
prometheus.cdi.kubevirt.io: "true"
|
|
spec:
|
|
affinity:
|
|
podAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: cdi.kubevirt.io
|
|
operator: In
|
|
values:
|
|
- cdi-operator
|
|
topologyKey: kubernetes.io/hostname
|
|
weight: 1
|
|
containers:
|
|
- env:
|
|
- name: DEPLOY_CLUSTER_RESOURCES
|
|
value: "true"
|
|
- name: OPERATOR_VERSION
|
|
value: v1.59.0
|
|
- name: CONTROLLER_IMAGE
|
|
value: quay.io/kubevirt/cdi-controller:v1.59.0
|
|
- name: IMPORTER_IMAGE
|
|
value: quay.io/kubevirt/cdi-importer:v1.59.0
|
|
- name: CLONER_IMAGE
|
|
value: quay.io/kubevirt/cdi-cloner:v1.59.0
|
|
- name: APISERVER_IMAGE
|
|
value: quay.io/kubevirt/cdi-apiserver:v1.59.0
|
|
- name: UPLOAD_SERVER_IMAGE
|
|
value: quay.io/kubevirt/cdi-uploadserver:v1.59.0
|
|
- name: UPLOAD_PROXY_IMAGE
|
|
value: quay.io/kubevirt/cdi-uploadproxy:v1.59.0
|
|
- name: VERBOSITY
|
|
value: "1"
|
|
- name: PULL_POLICY
|
|
value: IfNotPresent
|
|
- name: MONITORING_NAMESPACE
|
|
image: quay.io/kubevirt/cdi-operator:v1.59.0
|
|
imagePullPolicy: IfNotPresent
|
|
name: cdi-operator
|
|
ports:
|
|
- containerPort: 8080
|
|
name: metrics
|
|
protocol: TCP
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 150Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
serviceAccountName: cdi-operator
|
|
tolerations:
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|