From fdb9b65f504bca8e3ae3f7ff11dd7af69ae9b3f0 Mon Sep 17 00:00:00 2001
From: Casey Davenport
Date: Tue, 3 Mar 2026 11:24:35 -0800
Subject: [PATCH 1/5] Exclude monorepo-only dirs and preserve Makefile during API sync

The upstream calico/api directory now has config/, admission/, and patches/ dirs that are monorepo-only, and bgpfilter_test.go requires a kind cluster. The blanket cp -r was copying them into the standalone repo, creating noisy PR diffs and breaking CI. Add cleanup in pull-upstream-changes for monorepo-only dirs and files, and add Makefile to KEEP_LOCAL_FILES so the standalone version isn't overwritten.
---
 Makefile.local | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Makefile.local b/Makefile.local
index a1ddfe3..456b311 100644
--- a/Makefile.local
+++ b/Makefile.local
@@ -50,7 +50,7 @@ endif
 # List of files that we should keep even if they've changed upstream;
 # At the moment, we keep the README because this repository has
 # its own README; the upstream one isn't relevant to this repository.
-KEEP_LOCAL_FILES := README.md
+KEEP_LOCAL_FILES := README.md Makefile
 # The commit message/PR title to use when we commit our changes
 ifneq ($(origin CALICO_GIT_REF), file)
@@ -110,6 +110,11 @@ pull-upstream-changes:
 cp $(CALICO_TEMP_DIR)/lib.Makefile .
 cp $(CALICO_TEMP_DIR)/metadata.mk .
+ # Remove monorepo-only directories and files that don't belong in the
+ # standalone API repo. The bgpfilter_test.go file requires a kind cluster.
+ rm -rf config/ admission/ patches/
+ rm -f pkg/apis/projectcalico/v3/bgpfilter_test.go
+
 # Restores any files that we want to keep even if they're different
 # upstream. For example, `README.md` is different in this repository
 # than the equivalent file in the upstream repository.
From ceaf684260369e3cfd95cd77eb3266d9bae404b1 Mon Sep 17 00:00:00 2001
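Review bot: The comment block above `KEEP_LOCAL_FILES` still explains only the README, so after this change it no longer documents why `Makefile` is in the list. Keeping the local Makefile also means upstream changes to that file are dropped on every sync with no signal, which is worth stating next to the variable so a maintainer knows to compare them by hand. I would extend the comment with something like `# The Makefile is also kept: this repository has its own standalone Makefile, so upstream changes to it must be ported manually.`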
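Review bot: The cleanup added to `pull-upstream-changes` is a hard-coded denylist applied after the copy, so any new monorepo-only directory or cluster-dependent test added upstream will still be imported into this repository until someone extends `rm -rf config/ admission/ patches/`. According to the commit message the copy itself is a blanket `cp -r` (not visible in this hunk); excluding paths at copy time, or failing the sync when an unexpected top-level entry shows up, would make the set of imported paths explicit and reviewable. The `rm -rf` also runs against the repository root, so it would delete a local `config/`, `admission/` or `patches/` directory if this repository ever gains one of its own. At minimum I would add `# NOTE: extend this list when upstream adds monorepo-only paths; everything else is copied as-is.` above the two `rm` lines. The recipe starts before and continues after this hunk.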
From: Casey Davenport
Date: Tue, 3 Mar 2026 13:56:32 -0800
Subject: [PATCH 2/5] Revert "Add CRD policy manifests and fix path"

This reverts commit ff8d891f72325cc15f64a2b2b4a79cedf94c4635.
---
 .semaphore/semaphore.yml | 5 -
 .../templates/eck/01-crd-eck-bundle.yaml | 4849 -----
 ...tor.tigera.io_amazoncloudintegrations.yaml | 213 -
 .../operator.tigera.io_apiservers.yaml | 2829 ---
 .../operator.tigera.io_applicationlayers.yaml | 385 -
 .../operator.tigera.io_authentications.yaml | 495 -
 .../operator.tigera.io_compliances.yaml | 1064 -
 .../operator.tigera.io_egressgateways.yaml | 1669 --
 .../operator.tigera.io_gatewayapis.yaml | 5465 -----
 .../operator.tigera.io_goldmanes.yaml | 1520 --
 .../operator.tigera.io_imagesets.yaml | 78 -
 .../operator.tigera.io_installations.yaml | 17850 ----------------
 ...perator.tigera.io_intrusiondetections.yaml | 499 -
 .../templates/operator.tigera.io_istios.yaml | 3441 ---
 .../operator.tigera.io_logcollectors.yaml | 649 -
 .../operator.tigera.io_logstorages.yaml | 1323 --
 ...igera.io_managementclusterconnections.yaml | 356 -
 ...operator.tigera.io_managementclusters.yaml | 80 -
 .../operator.tigera.io_managers.yaml | 314 -
 .../operator.tigera.io_monitors.yaml | 613 -
 .../operator.tigera.io_nonclusterhosts.yaml | 64 -
 .../operator.tigera.io_packetcaptureapis.yaml | 308 -
 ...rator.tigera.io_policyrecommendations.yaml | 253 -
 .../operator.tigera.io_tigerastatuses.yaml | 116 -
 ...erator.tigera.io_tlspassthroughroutes.yaml | 71 -
 ...perator.tigera.io_tlsterminatedroutes.yaml | 163 -
 .../operator.tigera.io_whiskers.yaml | 1527 --
 lib.Makefile | 4 +-
 ...crd.projectcalico.org_alertexceptions.yaml | 48 -
 ...d.projectcalico.org_bfdconfigurations.yaml | 55 -
 ...d.projectcalico.org_bgpconfigurations.yaml | 143 -
 .../crd/crd.projectcalico.org_bgpfilters.yaml | 204 -
 .../crd/crd.projectcalico.org_bgppeers.yaml | 113 -
 ...crd.projectcalico.org_blockaffinities.yaml | 47 -
 ....projectcalico.org_caliconodestatuses.yaml | 214 -
 ...projectcalico.org_clusterinformations.yaml | 46 -
 ...ojectcalico.org_deeppacketinspections.yaml | 65 -
 ...ojectcalico.org_egressgatewaypolicies.yaml | 59 -
 ...rd.projectcalico.org_externalnetworks.yaml | 37 -
 ...projectcalico.org_felixconfigurations.yaml | 2112 --
 .../crd.projectcalico.org_globalalerts.yaml | 114 -
 ...rojectcalico.org_globalalerttemplates.yaml | 83 -
 ...ojectcalico.org_globalnetworkpolicies.yaml | 471 -
 ...d.projectcalico.org_globalnetworksets.yaml | 41 -
 .../crd.projectcalico.org_globalreports.yaml | 235 -
 ...d.projectcalico.org_globalreporttypes.yaml | 76 -
 ...d.projectcalico.org_globalthreatfeeds.yaml | 164 -
 .../crd.projectcalico.org_hostendpoints.yaml | 67 -
 .../crd/crd.projectcalico.org_ipamblocks.yaml | 80 -
 .../crd.projectcalico.org_ipamconfigs.yaml | 43 -
 .../crd.projectcalico.org_ipamhandles.yaml | 43 -
 .../crd/crd.projectcalico.org_ippools.yaml | 80 -
 .../crd.projectcalico.org_ipreservations.yaml | 38 -
 ...ico.org_kubecontrollersconfigurations.yaml | 280 -
 .../crd.projectcalico.org_licensekeys.yaml | 96 -
 ...crd.projectcalico.org_managedclusters.yaml | 58 -
 ...crd.projectcalico.org_networkpolicies.yaml | 463 -
 .../crd.projectcalico.org_networksets.yaml | 41 -
 .../crd.projectcalico.org_packetcaptures.yaml | 84 -
 ...calico.org_policyrecommendationscopes.yaml | 76 -
 ...alico.org_remoteclusterconfigurations.yaml | 94 -
 ...ojectcalico.org_securityeventwebhooks.yaml | 119 -
 ...alico.org_stagedglobalnetworkpolicies.yaml | 478 -
 ...o.org_stagedkubernetesnetworkpolicies.yaml | 254 -
 ...ojectcalico.org_stagednetworkpolicies.yaml | 470 -
 .../crd/crd.projectcalico.org_tiers.yaml | 61 -
 .../crd/crd.projectcalico.org_uisettings.yaml | 195 -
 ...rd.projectcalico.org_uisettingsgroups.yaml | 41 -
 ...etworking.k8s.io_adminnetworkpolicies.yaml | 1107 -
 ...g.k8s.io_baselineadminnetworkpolicies.yaml | 1083 -
 .../usage.tigera.io_licenseusagereports.yaml | 42 -
 71 files changed, 1 insertion(+), 55922 deletions(-)
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/eck/01-crd-eck-bundle.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_amazoncloudintegrations.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_apiservers.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_applicationlayers.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_authentications.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_compliances.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_egressgateways.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_gatewayapis.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_goldmanes.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_imagesets.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_installations.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_intrusiondetections.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_istios.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logcollectors.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logstorages.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusterconnections.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusters.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managers.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_monitors.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_nonclusterhosts.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_packetcaptureapis.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_policyrecommendations.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tigerastatuses.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlspassthroughroutes.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlsterminatedroutes.yaml
 delete mode 100644 charts/crd.projectcalico.org.v1/templates/operator.tigera.io_whiskers.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_alertexceptions.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_bfdconfigurations.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_bgpconfigurations.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_bgpfilters.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_bgppeers.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_blockaffinities.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_caliconodestatuses.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_clusterinformations.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_deeppacketinspections.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_egressgatewaypolicies.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_externalnetworks.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_felixconfigurations.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_globalalerts.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_globalalerttemplates.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_globalnetworkpolicies.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_globalnetworksets.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_globalreports.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_globalreporttypes.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_globalthreatfeeds.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_hostendpoints.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_ipamblocks.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_ipamconfigs.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_ipamhandles.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_ippools.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_ipreservations.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_kubecontrollersconfigurations.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_licensekeys.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_managedclusters.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_networkpolicies.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_networksets.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_packetcaptures.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_policyrecommendationscopes.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_remoteclusterconfigurations.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_securityeventwebhooks.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_stagedglobalnetworkpolicies.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_stagedkubernetesnetworkpolicies.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_stagednetworkpolicies.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_tiers.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_uisettings.yaml
 delete mode 100644 libcalico-go/config/crd/crd.projectcalico.org_uisettingsgroups.yaml
 delete mode 100644 libcalico-go/config/crd/policy.networking.k8s.io_adminnetworkpolicies.yaml
 delete mode 100644 libcalico-go/config/crd/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
 delete mode 100644 libcalico-go/config/crd/usage.tigera.io_licenseusagereports.yaml

diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index 8880116..16d4d1d 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -30,11 +30,6 @@ blocks:
 task:
 jobs:
 - name: "make build / ci"
- env_vars:
- - name: CALICO_CRD_PATH
- value: config/crd/
- - name: CALICO_ADMISSION_POLICY_PATH
- value: admission/
 commands:
 - make build
 - make ci
diff --git a/charts/crd.projectcalico.org.v1/templates/eck/01-crd-eck-bundle.yaml b/charts/crd.projectcalico.org.v1/templates/eck/01-crd-eck-bundle.yaml
deleted file mode 100644
index a79560e..0000000
--- a/charts/crd.projectcalico.org.v1/templates/eck/01-crd-eck-bundle.yaml
+++ /dev/null
@@ -1,4849 +0,0 @@ -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: agents.agent.k8s.elastic.co -spec: - group: agent.k8s.elastic.co - names: - categories: - - elastic - kind: Agent - listKind: AgentList - plural: agents - shortNames: - - agent - singular: agent - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: available - type: integer - - jsonPath: .status.expectedNodes - name: expected - type: integer - - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - properties: - secretName: - type: string - type: object - daemonSet: - properties: - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - updateStrategy: - properties: - rollingUpdate: - properties: - maxSurge: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: - type: string - type: object - type: object - deployment: - properties: - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - replicas: - format: int32 - type: integer - strategy: - properties: - rollingUpdate: - properties: - maxSurge: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: 
true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: - type: string - type: object - type: object - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - outputName: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - fleetServerEnabled: - type: boolean - fleetServerRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - 
x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - kibanaRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - mode: - enum: - - standalone - - fleet - type: string - policyID: - type: string - revisionHistoryLimit: - format: int32 - type: integer - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - type: string - statefulSet: - properties: - podManagementPolicy: - default: Parallel - enum: - - OrderedReady - - Parallel - type: string - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - replicas: - format: int32 - type: integer - serviceName: - type: string - volumeClaimTemplates: - items: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: 
object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeAttributesClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - type: object - type: array - type: object - version: - type: string - required: - - version - type: object - status: - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationsStatus: - additionalProperties: - type: string - type: object - expectedNodes: - format: int32 - type: integer - 
fleetServerAssociationStatus: - type: string - health: - type: string - kibanaAssociationStatus: - type: string - observedGeneration: - format: int64 - type: integer - version: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: apmservers.apm.k8s.elastic.co -spec: - group: apm.k8s.elastic.co - names: - categories: - - elastic - kind: ApmServer - listKind: ApmServerList - plural: apmservers - shortNames: - - apm - singular: apmserver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - count: - format: int32 - type: integer - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - 
type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - kibanaRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - 
type: object - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - revisionHistoryLimit: - format: int32 - type: integer - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - type: string - version: - type: string - required: - - version - type: object - status: - properties: - availableNodes: - format: int32 - type: integer - count: - format: int32 - type: integer - elasticsearchAssociationStatus: - type: string - health: - type: string - kibanaAssociationStatus: - type: string - observedGeneration: - format: int64 - type: integer - secretTokenSecret: - type: string - selector: - type: string - service: - type: string - version: - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.count - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .spec.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - count: - format: int32 - type: integer - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - 
additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - 
type: object - image: - type: string - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - version: - type: string - type: object - status: - properties: - associationStatus: - type: string - availableNodes: - format: int32 - type: integer - health: - type: string - secretTokenSecret: - type: string - service: - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - served: false - storage: false ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: beats.beat.k8s.elastic.co -spec: - group: beat.k8s.elastic.co - names: - categories: - - elastic - kind: Beat - listKind: BeatList - plural: beats - shortNames: - - beat - singular: beat - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: available - type: integer - - jsonPath: .status.expectedNodes - name: expected - type: integer - - jsonPath: .spec.type - name: type - type: string - - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - 
x-kubernetes-preserve-unknown-fields: true - configRef: - properties: - secretName: - type: string - type: object - daemonSet: - properties: - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - updateStrategy: - properties: - rollingUpdate: - properties: - maxSurge: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: - type: string - type: object - type: object - deployment: - properties: - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - replicas: - format: int32 - type: integer - strategy: - properties: - rollingUpdate: - properties: - maxSurge: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: - type: string - type: object - type: object - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - image: - type: string - kibanaRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - monitoring: - properties: - logs: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - metrics: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - type: object - revisionHistoryLimit: - format: int32 - type: integer - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - 
required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - type: string - type: - maxLength: 20 - pattern: '[a-zA-Z0-9-]+' - type: string - version: - type: string - required: - - type - - version - type: object - status: - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationStatus: - type: string - expectedNodes: - format: int32 - type: integer - health: - type: string - kibanaAssociationStatus: - type: string - monitoringAssociationStatus: - additionalProperties: - type: string - type: object - observedGeneration: - format: int64 - type: integer - version: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: elasticmapsservers.maps.k8s.elastic.co -spec: - group: maps.k8s.elastic.co - names: - categories: - - elastic - kind: ElasticMapsServer - listKind: ElasticMapsServerList - plural: elasticmapsservers - shortNames: - - ems - singular: elasticmapsserver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: 
- properties: - secretName: - type: string - type: object - count: - format: int32 - type: integer - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: 
- format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - revisionHistoryLimit: - format: int32 - type: integer - serviceAccountName: - type: string - version: - type: string - required: - - version - type: object - status: - properties: - associationStatus: - type: string - availableNodes: - format: int32 - type: integer - count: - format: int32 - type: integer - health: - type: string - observedGeneration: - format: int64 - type: integer - selector: - type: string - version: - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.count - status: {} ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: elasticsearchautoscalers.autoscaling.k8s.elastic.co -spec: - group: autoscaling.k8s.elastic.co - names: - categories: - - elastic - kind: ElasticsearchAutoscaler - listKind: ElasticsearchAutoscalerList - plural: elasticsearchautoscalers - shortNames: - - esa - singular: elasticsearchautoscaler - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: 
.spec.elasticsearchRef.name - name: Target - type: string - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: Active - type: string - - jsonPath: .status.conditions[?(@.type=='Healthy')].status - name: Healthy - type: string - - jsonPath: .status.conditions[?(@.type=='Limited')].status - name: Limited - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - elasticsearchRef: - properties: - name: - minLength: 1 - type: string - type: object - policies: - items: - properties: - deciders: - additionalProperties: - additionalProperties: - type: string - type: object - type: object - name: - type: string - resources: - properties: - cpu: - properties: - max: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - min: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - requestsToLimitsRatio: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - max - - min - type: object - memory: - properties: - max: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - min: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - requestsToLimitsRatio: - anyOf: - - type: integer - - type: 
string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - max - - min - type: object - nodeCount: - properties: - max: - format: int32 - type: integer - min: - format: int32 - type: integer - required: - - max - - min - type: object - storage: - properties: - max: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - min: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - requestsToLimitsRatio: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - max - - min - type: object - required: - - nodeCount - type: object - roles: - items: - type: string - type: array - required: - - resources - type: object - type: array - pollingPeriod: - type: string - required: - - elasticsearchRef - - policies - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - policies: - items: - properties: - lastModificationTime: - format: date-time - type: string - name: - type: string - nodeSets: - items: - properties: - name: - type: string - nodeCount: - format: int32 - type: integer - required: - - name - - nodeCount - type: object - type: array - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - 
type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - state: - items: - properties: - messages: - items: - type: string - type: array - type: - type: string - required: - - messages - - type - type: object - type: array - required: - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: elasticsearches.elasticsearch.k8s.elastic.co -spec: - group: elasticsearch.k8s.elastic.co - names: - categories: - - elastic - kind: Elasticsearch - listKind: ElasticsearchList - plural: elasticsearches - shortNames: - - es - singular: elasticsearch - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .status.version - name: version - type: string - - jsonPath: .status.phase - name: phase - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - auth: - properties: - disableElasticUser: - type: boolean - 
fileRealm: - items: - properties: - secretName: - type: string - type: object - type: array - roles: - items: - properties: - secretName: - type: string - type: object - type: array - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object 
- trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - monitoring: - properties: - logs: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - metrics: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - type: object - nodeSets: - items: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - count: - format: int32 - type: integer - name: - maxLength: 23 - pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - volumeClaimTemplates: - items: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: 
string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeAttributesClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - type: object - type: array - required: - - name - type: object - minItems: 1 - type: array - podDisruptionBudget: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - 
key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyPodEvictionPolicy: - type: string - type: object - type: object - remoteClusterServer: - properties: - enabled: - type: boolean - type: object - remoteClusters: - items: - properties: - apiKey: - properties: - access: - properties: - replication: - properties: - names: - items: - type: string - type: array - required: - - names - type: object - search: - properties: - allow_restricted_indices: - type: boolean - field_security: - properties: - except: - items: - type: string - type: array - grant: - items: - type: string - type: array - required: - - except - - grant - type: object - names: - items: - type: string - type: array - query: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - names - type: object - type: object - required: - - access - type: object - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - serviceName: - type: string - type: object - name: - minLength: 1 - type: string - required: - - name - type: object - type: array - revisionHistoryLimit: - format: int32 - type: integer - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - type: string - transport: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - 
clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - certificateAuthorities: - properties: - configMapName: - type: string - type: object - otherNameSuffix: - type: string - selfSignedCertificates: - properties: - disabled: - type: boolean - type: object - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - updateStrategy: - properties: - changeBudget: - properties: - maxSurge: - format: 
int32 - type: integer - maxUnavailable: - format: int32 - type: integer - type: object - type: object - version: - type: string - volumeClaimDeletePolicy: - enum: - - DeleteOnScaledownOnly - - DeleteOnScaledownAndClusterDeletion - type: string - required: - - nodeSets - - version - type: object - status: - properties: - availableNodes: - format: int32 - type: integer - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - health: - type: string - inProgressOperations: - properties: - downscale: - properties: - lastUpdatedTime: - format: date-time - type: string - nodes: - items: - properties: - explanation: - type: string - name: - type: string - shutdownStatus: - type: string - required: - - name - - shutdownStatus - type: object - type: array - stalled: - type: boolean - type: object - upgrade: - properties: - lastUpdatedTime: - format: date-time - type: string - nodes: - items: - properties: - message: - type: string - name: - type: string - predicate: - type: string - status: - type: string - required: - - name - - status - type: object - type: array - type: object - upscale: - properties: - lastUpdatedTime: - format: date-time - type: string - nodes: - items: - properties: - message: - type: string - name: - type: string - status: - type: string - required: - - name - - status - type: object - type: array - type: object - required: - - downscale - - upgrade - - upscale - type: object - monitoringAssociationStatus: - additionalProperties: - type: string - type: object - observedGeneration: - format: int64 - type: integer - phase: - type: string - version: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: 
nodes - type: integer - - jsonPath: .spec.version - name: version - type: string - - jsonPath: .status.phase - name: phase - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - 
sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - nodeSets: - items: - properties: - config: - type: object - count: - format: int32 - minimum: 1 - type: integer - name: - maxLength: 23 - pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - type: object - volumeClaimTemplates: - items: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: 
integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeAttributesClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - type: object - type: array - required: - - count - - name - type: object - minItems: 1 - type: array - podDisruptionBudget: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyPodEvictionPolicy: - type: string - type: object - type: object - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - 
type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - updateStrategy: - properties: - changeBudget: - properties: - maxSurge: - format: int32 - type: integer - maxUnavailable: - format: int32 - type: integer - type: object - type: object - version: - type: string - required: - - nodeSets - type: object - status: - properties: - availableNodes: - format: int32 - type: integer - health: - type: string - phase: - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - served: false - storage: false ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: enterprisesearches.enterprisesearch.k8s.elastic.co -spec: - group: enterprisesearch.k8s.elastic.co - names: - categories: - - elastic - kind: EnterpriseSearch - listKind: EnterpriseSearchList - plural: enterprisesearches - shortNames: - - ent - singular: enterprisesearch - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - properties: - secretName: - type: string - type: object - count: - format: 
int32 - type: integer - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - 
trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - revisionHistoryLimit: - format: int32 - type: integer - serviceAccountName: - type: string - version: - type: string - type: object - status: - properties: - associationStatus: - type: string - availableNodes: - format: int32 - type: integer - count: - format: int32 - type: integer - health: - type: string - observedGeneration: - format: int64 - type: integer - selector: - type: string - service: - type: string - version: - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.count - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - properties: - secretName: - type: string - type: object - count: - format: int32 - type: integer - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - http: - properties: - service: - properties: - metadata: 
- properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - 
subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - type: string - version: - type: string - type: object - status: - properties: - associationStatus: - type: string - availableNodes: - format: int32 - type: integer - count: - format: int32 - type: integer - health: - type: string - selector: - type: string - service: - type: string - version: - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: kibanas.kibana.k8s.elastic.co -spec: - group: kibana.k8s.elastic.co - names: - categories: - - elastic - kind: Kibana - listKind: KibanaList - plural: kibanas - shortNames: - - kb - singular: kibana - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - count: - format: int32 - type: integer - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: 
object - enterpriseSearchRef: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - 
type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - monitoring: - properties: - logs: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - metrics: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - type: object - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - revisionHistoryLimit: - format: int32 - type: integer - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - type: string - version: - type: string - required: - - version - type: object - status: - properties: - associationStatus: - type: string - availableNodes: - format: int32 - type: integer - count: - format: int32 - type: integer - elasticsearchAssociationStatus: - type: string - enterpriseSearchAssociationStatus: - type: string - health: - type: string - monitoringAssociationStatus: - additionalProperties: - type: string - type: object - observedGeneration: - format: int64 - type: integer - selector: - type: string - version: - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: 
.spec.count - statusReplicasPath: .status.count - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: nodes - type: integer - - jsonPath: .spec.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - count: - format: int32 - type: integer - elasticsearchRef: - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - http: - properties: - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - 
targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - image: - type: string - podTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - version: - type: string - type: object - status: - properties: - associationStatus: - type: string - availableNodes: - format: int32 - type: integer - health: - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - served: false - storage: false ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 
'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: logstashes.logstash.k8s.elastic.co -spec: - group: logstash.k8s.elastic.co - names: - categories: - - elastic - kind: Logstash - listKind: LogstashList - plural: logstashes - shortNames: - - ls - singular: logstash - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - jsonPath: .status.availableNodes - name: available - type: integer - - jsonPath: .status.expectedNodes - name: expected - type: integer - - jsonPath: .metadata.creationTimestamp - name: age - type: date - - jsonPath: .status.version - name: version - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - properties: - secretName: - type: string - type: object - count: - format: int32 - type: integer - elasticsearchRefs: - items: - properties: - clusterName: - minLength: 1 - type: string - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - required: - - clusterName - type: object - type: array - image: - type: string - monitoring: - properties: - logs: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - metrics: - properties: - elasticsearchRefs: - items: - properties: - name: - type: string - namespace: - type: string - secretName: - type: string - serviceName: - type: string - type: object - type: array - type: object - type: object - pipelines: - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - pipelinesRef: - properties: - secretName: - type: string - type: object - podTemplate: - type: object - 
x-kubernetes-preserve-unknown-fields: true - revisionHistoryLimit: - format: int32 - type: integer - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - type: string - services: - items: - properties: - name: - type: string - service: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - allocateLoadBalancerNodePorts: - type: boolean - clusterIP: - type: string - clusterIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - internalTrafficPolicy: - type: string - ipFamilies: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - type: string - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - appProtocol: - type: string - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - type: boolean - selector: - additionalProperties: - type: 
string - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - trafficDistribution: - type: string - type: - type: string - type: object - type: object - tls: - properties: - certificate: - properties: - secretName: - type: string - type: object - selfSignedCertificate: - properties: - disabled: - type: boolean - subjectAltNames: - items: - properties: - dns: - type: string - ip: - type: string - type: object - type: array - type: object - type: object - type: object - type: array - updateStrategy: - properties: - rollingUpdate: - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - partition: - format: int32 - type: integer - type: object - type: - type: string - type: object - version: - type: string - volumeClaimTemplates: - items: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeAttributesClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - status: - properties: - accessModes: - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - conditions: - items: - properties: - lastProbeTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: 
- - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - type: string - modifyVolumeStatus: - properties: - status: - type: string - targetVolumeAttributesClassName: - type: string - required: - - status - type: object - phase: - type: string - type: object - type: object - type: array - required: - - version - type: object - status: - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationsStatus: - additionalProperties: - type: string - type: object - expectedNodes: - format: int32 - type: integer - health: - type: string - monitoringAssociationStatus: - additionalProperties: - type: string - type: object - observedGeneration: - format: int64 - type: integer - selector: - type: string - version: - type: string - required: - - selector - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.expectedNodes - status: {} ---- -# Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - helm.sh/resource-policy: keep - labels: - app.kubernetes.io/instance: 'elastic-operator' - app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.16.1' - name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co -spec: - group: stackconfigpolicy.k8s.elastic.co - names: - categories: - - elastic - kind: StackConfigPolicy - listKind: StackConfigPolicyList - plural: stackconfigpolicies - shortNames: - - scp - singular: stackconfigpolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.readyCount - name: Ready - type: string - - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: 
date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - elasticsearch: - properties: - clusterSettings: - type: object - x-kubernetes-preserve-unknown-fields: true - config: - type: object - x-kubernetes-preserve-unknown-fields: true - indexLifecyclePolicies: - type: object - x-kubernetes-preserve-unknown-fields: true - indexTemplates: - properties: - componentTemplates: - type: object - x-kubernetes-preserve-unknown-fields: true - composableIndexTemplates: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - x-kubernetes-preserve-unknown-fields: true - ingestPipelines: - type: object - x-kubernetes-preserve-unknown-fields: true - secretMounts: - items: - properties: - mountPath: - type: string - secretName: - type: string - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - securityRoleMappings: - type: object - x-kubernetes-preserve-unknown-fields: true - snapshotLifecyclePolicies: - type: object - x-kubernetes-preserve-unknown-fields: true - snapshotRepositories: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - kibana: - properties: - config: - type: object - x-kubernetes-preserve-unknown-fields: true - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - type: object - resourceSelector: - properties: - matchExpressions: - items: - properties: 
- key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - secureSettings: - items: - properties: - entries: - items: - properties: - key: - type: string - path: - type: string - required: - - key - type: object - type: array - secretName: - type: string - required: - - secretName - type: object - type: array - type: object - status: - properties: - details: - additionalProperties: - additionalProperties: - properties: - currentVersion: - format: int64 - type: integer - error: - properties: - message: - type: string - version: - format: int64 - type: integer - type: object - expectedVersion: - format: int64 - type: integer - phase: - type: string - type: object - type: object - type: object - errors: - type: integer - observedGeneration: - format: int64 - type: integer - phase: - type: string - ready: - type: integer - readyCount: - type: string - resources: - type: integer - resourcesStatuses: - additionalProperties: - properties: - currentVersion: - format: int64 - type: integer - error: - properties: - message: - type: string - version: - format: int64 - type: integer - type: object - expectedVersion: - format: int64 - type: integer - phase: - type: string - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_amazoncloudintegrations.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_amazoncloudintegrations.yaml deleted file mode 100644 index 82752f8..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_amazoncloudintegrations.yaml +++ /dev/null 
@@ -1,213 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - name: amazoncloudintegrations.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: AmazonCloudIntegration - listKind: AmazonCloudIntegrationList - plural: amazoncloudintegrations - singular: amazoncloudintegration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: - AmazonCloudIntegration is the Schema for the amazoncloudintegrations - API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: AmazonCloudIntegrationSpec defines the desired state of AmazonCloudIntegration - properties: - awsRegion: - description: AWSRegion is the region in which your cluster is located. - type: string - defaultPodMetadataAccess: - description: - "DefaultPodMetadataAccess defines what the default behavior - will be for accessing the AWS metadata service from a pod. Default: - Denied" - enum: - - Allowed - - Denied - type: string - enforcedSecurityGroupID: - description: - EnforcedSecurityGroupID is the ID of the Security Group - which will be applied to all ENIs that are on a host that is also - part of the Kubernetes cluster. 
- type: string - nodeSecurityGroupIDs: - description: - NodeSecurityGroupIDs is a list of Security Group IDs - that all nodes and masters will be in. - items: - type: string - type: array - podSecurityGroupID: - description: - PodSecurityGroupID is the ID of the Security Group which - all pods should be placed in by default. - type: string - sqsURL: - description: - SQSURL is the SQS URL needed to access the Simple Queue - Service. - type: string - trustEnforcedSecurityGroupID: - description: - TrustEnforcedSecurityGroupID is the ID of the Security - Group which will be applied to all ENIs in the VPC. - type: string - vpcs: - description: - VPCS is a list of VPC IDs to monitor for ENIs and Security - Groups, only one is supported. - items: - type: string - type: array - type: object - status: - description: - AmazonCloudIntegrationStatus defines the observed state of - AmazonCloudIntegration - properties: - conditions: - description: - Conditions represents the latest observed set of conditions - for the component. A component may be one or more of Ready, Progressing, - Degraded or other customer types. - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: - lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: - message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: - observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: - reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: - type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: - AmazonCloudIntegration is the Schema for the amazoncloudintegrations - API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: AmazonCloudIntegrationSpec defines the desired state of AmazonCloudIntegration - type: object - status: - description: - AmazonCloudIntegrationStatus defines the observed state of - AmazonCloudIntegration - type: object - type: object - served: false - storage: false - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_apiservers.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_apiservers.yaml deleted file mode 100644 index bd81885..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_apiservers.yaml +++ /dev/null 
@@ -1,2829 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: apiservers.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: APIServer - listKind: APIServerList - plural: apiservers - singular: apiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - APIServer installs the Tigera API server and related resources. At most one instance - of this resource is supported. It must be named "default" or "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of the desired state for the Tigera API server. - properties: - apiServerDeployment: - description: |- - APIServerDeployment configures the calico-apiserver Deployment. If - used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides - take precedence. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. 
Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the specification of the API server Deployment. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the API server Deployment. - If omitted, the API server Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the API server Deployment - pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the API server Deployment's PodSpec. 
- properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the API server pods. - If specified, this overrides any affinity that may be set on the API server Deployment. - If omitted, the API server Deployment will use its default value for affinity. - WARNING: Please note that this field will override the default API server Deployment affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. 
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. 
- The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. 
The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. 
- The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of API server containers. - If specified, this overrides the specified API server Deployment containers. - If omitted, the API server Deployment will use its default values for its containers. - items: - description: - APIServerDeploymentContainer is an - API server Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the API server Deployment container by name. - Supported values are: calico-apiserver, tigera-queryserver, calico-l7-admission-controller - enum: - - calico-apiserver - - tigera-queryserver - - calico-l7-admission-controller - type: string - ports: - description: |- - Ports allows customization of container's ports. - If specified, this overrides the named APIServer Deployment container's ports. - If omitted, the API server Deployment will use its default value for this container's port. - items: - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - name: - description: |- - Name is an enum which identifies the API server Deployment Container port by name. 
- Supported values are: apiserver, queryserver, l7admctrl - enum: - - apiserver - - queryserver - - l7admctrl - type: string - required: - - containerPort - - name - type: object - type: array - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named API server Deployment container's resources. - If omitted, the API server Deployment will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of API server init containers. - If specified, this overrides the specified API server Deployment init containers. - If omitted, the API server Deployment will use its default values for its init containers. - items: - description: - APIServerDeploymentInitContainer is - an API server Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the API server Deployment init container by name. - Supported values are: calico-apiserver-certs-key-cert-provisioner - enum: - - calico-apiserver-certs-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named API server Deployment init container's resources. - If omitted, the API server Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. 
It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the API server pod's scheduling constraints. 
- If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment - and each of this field's key/value pairs are added to the API server Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the API server Deployment will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default API server Deployment nodeSelector. - type: object - priorityClassName: - description: - PriorityClassName allows to specify a - PriorityClass resource to be used. - type: string - tolerations: - description: |- - Tolerations is the API server pod's tolerations. - If specified, this overrides any tolerations that may be set on the API server Deployment. - If omitted, the API server Deployment will use its default value for tolerations. - WARNING: Please note that this field will override the default API server Deployment tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. 
- type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - TopologySpreadConstraints describes how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. 
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. 
- format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. 
- A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - calicoWebhooksDeployment: - description: - CalicoWebhooksDeployment configures the calico-webhooks - Deployment. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-webhooks - Deployment. 
- properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-webhooks Deployment. - If omitted, the calico-webhooks Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-webhooks Deployment - pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the calico-webhooks Deployment's - PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-webhooks pods. - If specified, this overrides any affinity that may be set on the calico-webhooks Deployment. - If omitted, the calico-webhooks Deployment will use its default value for affinity. - WARNING: Please note that this field will override the default calico-webhooks Deployment affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. 
A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. 
- properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. 
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-webhooks containers. - If specified, this overrides the specified calico-webhooks Deployment containers. - If omitted, the calico-webhooks Deployment will use its default values for its containers. - items: - description: - CalicoWebhooksDeploymentContainer is - a calico-webhooks Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the calico-webhooks Deployment container by name. - Supported values are: calico-webhooks - enum: - - calico-webhooks - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-webhooks Deployment container's resources. - If omitted, the calico-webhooks Deployment will use its default value for this container's resources. 
- properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-webhooks pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-webhooks Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-webhooks Deployment - and each of this field's key/value pairs are added to the calico-webhooks Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-webhooks Deployment will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-webhooks Deployment nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-webhooks pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-webhooks Deployment. - If omitted, the calico-webhooks Deployment will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-webhooks Deployment tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
- type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - logging: - properties: - apiServer: - properties: - logSeverity: - default: Info - description: LogSeverity defines log level for APIServer container. - enum: - - Fatal - - Error - - Warn - - Info - - Debug - - Trace - type: string - type: object - queryServer: - properties: - logSeverity: - default: Info - description: - LogSeverity defines log level for QueryServer - container. - enum: - - Fatal - - Error - - Warn - - Info - - Debug - - Trace - type: string - type: object - type: object - type: object - status: - description: Most recently observed status for the Tigera API server. - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. 
- properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. 
- type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'default' or 'tigera-secure' - rule: self.metadata.name == 'default' || self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_applicationlayers.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_applicationlayers.yaml deleted file mode 100644 index ea2be2e..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_applicationlayers.yaml +++ /dev/null 
@@ -1,385 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: applicationlayers.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: ApplicationLayer - listKind: ApplicationLayerList - plural: applicationlayers - singular: applicationlayer - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ApplicationLayer is the Schema for the applicationlayers API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ApplicationLayerSpec defines the desired state of ApplicationLayer - properties: - applicationLayerPolicy: - description: |- - Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. - When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer. - enum: - - Enabled - - Disabled - type: string - envoy: - description: User-configurable settings for the Envoy proxy. 
- properties: - useRemoteAddress: - default: false - description: |- - If set to true, the Envoy connection manager will use the real remote address - of the client connection when determining internal versus external origin and - manipulating various headers. - type: boolean - xffNumTrustedHops: - default: 0 - description: |- - The number of additional ingress proxy hops from the right side of the - x-forwarded-for HTTP header to trust when determining the origin client’s - IP address. 0 is permitted, but >=1 is the typical setting. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - type: object - l7LogCollectorDaemonSet: - description: - L7LogCollectorDaemonSet configures the L7LogCollector - DaemonSet. - properties: - spec: - description: Spec is the specification of the L7LogCollector DaemonSet. - properties: - template: - description: - Template describes the L7LogCollector DaemonSet - pod that will be created. - properties: - spec: - description: Spec is the L7LogCollector DaemonSet's PodSpec. - properties: - containers: - description: |- - Containers is a list of L7LogCollector DaemonSet containers. - If specified, this overrides the specified L7LogCollector DaemonSet containers. - If omitted, the L7LogCollector DaemonSet will use its default values for its containers. - items: - description: - L7LogCollectorDaemonSetContainer is - a L7LogCollector DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the L7LogCollector DaemonSet container by name. - Supported values are: l7-collector, envoy-proxy, dikastes - enum: - - l7-collector - - envoy-proxy - - dikastes - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named L7LogCollector DaemonSet container's resources. - If omitted, the L7LogCollector DaemonSet will use its default value for this container's resources. 
- properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of L7LogCollector DaemonSet init containers. - If specified, this overrides the specified L7LogCollector DaemonSet init containers. - If omitted, the L7LogCollector DaemonSet will use its default values for its init containers. - items: - description: - L7LogCollectorDaemonSetInitContainer - is a L7LogCollector DaemonSet init container. - properties: - name: - description: - Name is an enum which identifies - the L7LogCollector DaemonSet init container - by name. - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named L7LogCollector DaemonSet init container's resources. - If omitted, the L7LogCollector DaemonSet will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - logCollection: - description: Specification for application layer (L7) log collection. - properties: - collectLogs: - description: |- - This setting enables or disable log collection. - Allowed values are Enabled or Disabled. - enum: - - Enabled - - Disabled - type: string - logIntervalSeconds: - description: |- - Interval in seconds for sending L7 log information for processing. - Default: 5 sec - format: int64 - type: integer - logRequestsPerInterval: - description: |- - Maximum number of unique L7 logs that are sent LogIntervalSeconds. - Adjust this to limit the number of L7 logs sent per LogIntervalSeconds - to felix for further processing, use negative number to ignore limits. 
- Default: -1 - format: int64 - type: integer - type: object - sidecarInjection: - description: |- - SidecarInjection controls whether or not sidecar injection is enabled for the cluster. - When enabled, pods with the label - "applicationlayer.projectcalico.org/sidecar"="true" will have their L7 functionality - such as WAF and ALP implemented using an injected sidecar instead of a per-host proxy. - The per-host proxy will continue to be used for pods without this label. - enum: - - Enabled - - Disabled - type: string - webApplicationFirewall: - description: |- - WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. - When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. - enum: - - Enabled - - Disabled - type: string - type: object - status: - description: ApplicationLayerStatus defines the observed state of ApplicationLayer - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. 
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - sidecarWebhook: - description: - SidecarWebhook provides the state of sidecar injection - mutatinwebhookconfiguration - enum: - - Enabled - - Disabled - type: string - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_authentications.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_authentications.yaml deleted file mode 100644 index 30ee721..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_authentications.yaml +++ /dev/null 
@@ -1,495 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: authentications.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Authentication is the Schema for the authentications API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AuthenticationSpec defines the desired state of Authentication - properties: - dexDeployment: - description: DexDeployment configures the Dex Deployment. - properties: - spec: - description: Spec is the specification of the Dex Deployment. - properties: - template: - description: - Template describes the Dex Deployment pod that - will be created. - properties: - spec: - description: Spec is the Dex Deployment's PodSpec. - properties: - containers: - description: |- - Containers is a list of Dex containers. - If specified, this overrides the specified Dex Deployment containers. - If omitted, the Dex Deployment will use its default values for its containers. - items: - description: - DexDeploymentContainer is a Dex Deployment - container. 
- properties: - name: - description: |- - Name is an enum which identifies the Dex Deployment container by name. - Supported values are: tigera-dex - enum: - - tigera-dex - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Dex Deployment container's resources. - If omitted, the Dex Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of Dex init containers. - If specified, this overrides the specified Dex Deployment init containers. - If omitted, the Dex Deployment will use its default values for its init containers. - items: - description: - DexDeploymentInitContainer is a Dex - Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the Dex Deployment init container by name. - Supported values are: tigera-dex-tls-key-cert-provisioner - enum: - - tigera-dex-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Dex Deployment init container's resources. - If omitted, the Dex Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. 
- items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - groupsPrefix: - description: |- - If specified, GroupsPrefix is prepended to each group obtained from the identity provider. 
Note that - Kibana does not support a groups prefix, so this prefix is removed from Kubernetes Groups when translating log access - ClusterRoleBindings into Elastic. - type: string - ldap: - description: - LDAP contains the configuration needed to setup LDAP - authentication. - properties: - groupSearch: - description: - Group search configuration to find the groups that - a user is in. - properties: - baseDN: - description: - BaseDN to start the search from. For example - "cn=groups,dc=example,dc=com" - type: string - filter: - description: |- - Optional filter to apply when searching the directory. - For example "(objectClass=posixGroup)" - type: string - nameAttribute: - description: - The attribute of the group that represents its - name. This attribute can be used to apply RBAC to a user - group. - type: string - userMatchers: - description: |- - Following list contains field pairs that are used to match a user to a group. It adds an additional - requirement to the filter that an attribute in the group must match the user's - attribute value. - items: - description: - UserMatch when the value of a UserAttribute - and a GroupAttribute match, a user belongs to the group. - properties: - groupAttribute: - description: - The attribute of a group that links it - to a user. - type: string - userAttribute: - description: - The attribute of a user that links it to - a group. - type: string - required: - - groupAttribute - - userAttribute - type: object - type: array - required: - - baseDN - - nameAttribute - - userMatchers - type: object - host: - description: "The host and port of the LDAP server. Example: ad.example.com:636" - type: string - startTLS: - description: |- - StartTLS whether to enable the startTLS feature for establishing TLS on an existing LDAP session. - If true, the ldap:// protocol is used and then issues a StartTLS command, otherwise, connections will use - the ldaps:// protocol. 
- type: boolean - userSearch: - description: - User entry search configuration to match the credentials - with a user. - properties: - baseDN: - description: - BaseDN to start the search from. For example - "cn=users,dc=example,dc=com" - type: string - filter: - description: - Optional filter to apply when searching the directory. - For example "(objectClass=person)" - type: string - nameAttribute: - description: |- - A mapping of the attribute that is used as the username. This attribute can be used to apply RBAC to a user. - Default: uid - type: string - required: - - baseDN - type: object - required: - - host - - userSearch - type: object - managerDomain: - description: ManagerDomain is the domain name of the Manager - type: string - oidc: - description: - OIDC contains the configuration needed to setup OIDC - authentication. - properties: - emailVerification: - description: |- - Some providers do not include the claim "email_verified" when there is no verification in the user enrollment - process or if they are acting as a proxy for another identity provider. By default those tokens are deemed invalid. - To skip this check, set the value to "InsecureSkip". - Default: Verify - enum: - - Verify - - InsecureSkip - type: string - groupsClaim: - description: - GroupsClaim specifies which claim to use from the - OIDC provider as the group. - type: string - groupsPrefix: - description: - Deprecated. Please use Authentication.Spec.GroupsPrefix - instead. - type: string - issuerURL: - description: IssuerURL is the URL to the OIDC provider. - type: string - promptTypes: - description: |- - PromptTypes is an optional list of string values that specifies whether the identity provider prompts the end user - for re-authentication and consent. See the RFC for more information on prompt types: - https://openid.net/specs/openid-connect-core-1_0.html. 
- Default: "Consent" - items: - description: |- - PromptType is a value that specifies whether the identity provider prompts the end user for re-authentication and - consent. - One of: None, Login, Consent, SelectAccount. - enum: - - None - - Login - - Consent - - SelectAccount - type: string - type: array - requestedScopes: - description: |- - RequestedScopes is a list of scopes to request from the OIDC provider. If not provided, the following scopes are - requested: ["openid", "email", "profile", "groups", "offline_access"]. - items: - type: string - type: array - type: - description: 'Default: "Dex"' - enum: - - Dex - - Tigera - type: string - usernameClaim: - description: - UsernameClaim specifies which claim to use from the - OIDC provider as the username. - type: string - usernamePrefix: - description: - Deprecated. Please use Authentication.Spec.UsernamePrefix - instead. - type: string - required: - - issuerURL - - usernameClaim - type: object - openshift: - description: - Openshift contains the configuration needed to setup - Openshift OAuth authentication. - properties: - issuerURL: - description: - "IssuerURL is the URL to the Openshift OAuth provider. - Ex.: https://api.my-ocp-domain.com:6443" - type: string - required: - - issuerURL - type: object - usernamePrefix: - description: |- - If specified, UsernamePrefix is prepended to each user obtained from the identity provider. Note that - Kibana does not support a user prefix, so this prefix is removed from Kubernetes User when translating log access - ClusterRoleBindings into Elastic. - type: string - required: - - managerDomain - type: object - status: - description: AuthenticationStatus defines the observed state of Authentication - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. 
- items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. 
- type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_compliances.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_compliances.yaml deleted file mode 100644 index 8fead53..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_compliances.yaml +++ /dev/null 
@@ -1,1064 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: compliances.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Compliance - listKind: ComplianceList - plural: compliances - singular: compliance - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Compliance installs the components required for Tigera compliance reporting. At most one instance - of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - Specification of the desired state for Tigera compliance - reporting. - properties: - complianceBenchmarkerDaemonSet: - description: - ComplianceBenchmarkerDaemonSet configures the Compliance - Benchmarker DaemonSet. - properties: - spec: - description: - Spec is the specification of the Compliance Benchmarker - DaemonSet. - properties: - template: - description: - Template describes the Compliance Benchmarker - DaemonSet pod that will be created. - properties: - spec: - description: - Spec is the Compliance Benchmarker DaemonSet's - PodSpec. - properties: - containers: - description: |- - Containers is a list of Compliance benchmark containers. 
- If specified, this overrides the specified Compliance Benchmarker DaemonSet containers. - If omitted, the Compliance Benchmarker DaemonSet will use its default values for its containers. - items: - description: - ComplianceBenchmarkerDaemonSetContainer - is a Compliance Benchmarker DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the Compliance Benchmarker DaemonSet container by name. - Supported values are: compliance-benchmarker - enum: - - compliance-benchmarker - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Compliance Benchmarker DaemonSet container's resources. - If omitted, the Compliance Benchmarker DaemonSet will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of Compliance benchmark init containers. - If specified, this overrides the specified Compliance Benchmarker DaemonSet init containers. - If omitted, the Compliance Benchmarker DaemonSet will use its default values for its init containers. - items: - description: - ComplianceBenchmarkerDaemonSetInitContainer - is a Compliance Benchmarker DaemonSet init container. - properties: - name: - description: |- - Name is an enum which identifies the Compliance Benchmarker DaemonSet init container by name. 
- Supported values are: tigera-compliance-benchmarker-tls-key-cert-provisioner - enum: - - tigera-compliance-benchmarker-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Compliance Benchmarker DaemonSet init container's resources. - If omitted, the Compliance Benchmarker DaemonSet will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - complianceControllerDeployment: - description: - ComplianceControllerDeployment configures the Compliance - Controller Deployment. - properties: - spec: - description: - Spec is the specification of the compliance controller - Deployment. - properties: - template: - description: - Template describes the compliance controller - Deployment pod that will be created. - properties: - spec: - description: - Spec is the compliance controller Deployment's - PodSpec. - properties: - containers: - description: |- - Containers is a list of compliance controller containers. - If specified, this overrides the specified compliance controller Deployment containers. - If omitted, the compliance controller Deployment will use its default values for its containers. - items: - description: - ComplianceControllerDeploymentContainer - is a compliance controller Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the compliance controller Deployment container by name. 
- Supported values are: compliance-controller - enum: - - compliance-controller - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named compliance controller Deployment container's resources. - If omitted, the compliance controller Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of compliance controller init containers. - If specified, this overrides the specified compliance controller Deployment init containers. - If omitted, the compliance controller Deployment will use its default values for its init containers. - items: - description: - ComplianceControllerDeploymentInitContainer - is a compliance controller Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the compliance controller Deployment init container by name. - Supported values are: tigera-compliance-controller-tls-key-cert-provisioner - enum: - - tigera-compliance-controller-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named compliance controller Deployment init container's resources. - If omitted, the compliance controller Deployment will use its default value for this init container's resources. 
- properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - complianceReporterPodTemplate: - description: - ComplianceReporterPodTemplate configures the Compliance - Reporter PodTemplate. - properties: - template: - description: - Spec is the specification of the ComplianceReporter - PodTemplateSpec. - properties: - spec: - description: - Spec is the ComplianceReporter PodTemplate's - PodSpec. - properties: - containers: - description: |- - Containers is a list of ComplianceServer containers. - If specified, this overrides the specified ComplianceReporter PodSpec containers. - If omitted, the ComplianceServer Deployment will use its default values for its containers. - items: - description: - ComplianceReporterPodTemplateContainer - is a ComplianceServer Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the ComplianceServer Deployment container by name. - Supported values are: reporter - enum: - - reporter - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ComplianceServer Deployment container's resources. - If omitted, the ComplianceServer Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one - entry in PodSpec.ResourceClaims. 
- properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of ComplianceReporter PodSpec init containers. - If specified, this overrides the specified ComplianceReporter PodSpec init containers. - If omitted, the ComplianceServer Deployment will use its default values for its init containers. 
- items: - description: - ComplianceReporterPodTemplateInitContainer - is a ComplianceServer Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the ComplianceReporter PodSpec init container by name. - Supported values are: tigera-compliance-reporter-tls-key-cert-provisioner - enum: - - tigera-compliance-reporter-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ComplianceReporter PodSpec init container's resources. - If omitted, the ComplianceServer Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - complianceServerDeployment: - description: - ComplianceServerDeployment configures the Compliance - Server Deployment. - properties: - spec: - description: - Spec is the specification of the ComplianceServer - Deployment. - properties: - template: - description: - Template describes the ComplianceServer Deployment - pod that will be created. - properties: - spec: - description: - Spec is the ComplianceServer Deployment's - PodSpec. - properties: - containers: - description: |- - Containers is a list of ComplianceServer containers. - If specified, this overrides the specified ComplianceServer Deployment containers. - If omitted, the ComplianceServer Deployment will use its default values for its containers. - items: - description: - ComplianceServerDeploymentContainer - is a ComplianceServer Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the ComplianceServer Deployment container by name. 
- Supported values are: compliance-server - enum: - - compliance-server - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ComplianceServer Deployment container's resources. - If omitted, the ComplianceServer Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of ComplianceServer init containers. - If specified, this overrides the specified ComplianceServer Deployment init containers. - If omitted, the ComplianceServer Deployment will use its default values for its init containers. - items: - description: - ComplianceServerDeploymentInitContainer - is a ComplianceServer Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the ComplianceServer Deployment init container by name. - Supported values are: tigera-compliance-server-tls-key-cert-provisioner - enum: - - tigera-compliance-server-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ComplianceServer Deployment init container's resources. - If omitted, the ComplianceServer Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. 
- This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - complianceSnapshotterDeployment: - description: - ComplianceSnapshotterDeployment configures the Compliance - Snapshotter Deployment. - properties: - spec: - description: - Spec is the specification of the compliance snapshotter - Deployment. - properties: - template: - description: - Template describes the compliance snapshotter - Deployment pod that will be created. - properties: - spec: - description: - Spec is the compliance snapshotter Deployment's - PodSpec. - properties: - containers: - description: |- - Containers is a list of compliance snapshotter containers. - If specified, this overrides the specified compliance snapshotter Deployment containers. - If omitted, the compliance snapshotter Deployment will use its default values for its containers. - items: - description: - ComplianceSnapshotterDeploymentContainer - is a compliance snapshotter Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the compliance snapshotter Deployment container by name. - Supported values are: compliance-snapshotter - enum: - - compliance-snapshotter - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named compliance snapshotter Deployment container's resources. - If omitted, the compliance snapshotter Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. 
- items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of compliance snapshotter init containers. - If specified, this overrides the specified compliance snapshotter Deployment init containers. 
- If omitted, the compliance snapshotter Deployment will use its default values for its init containers. - items: - description: - ComplianceSnapshotterDeploymentInitContainer - is a compliance snapshotter Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the compliance snapshotter Deployment init container by name. - Supported values are: tigera-compliance-snapshotter-tls-key-cert-provisioner - enum: - - tigera-compliance-snapshotter-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named compliance snapshotter Deployment init container's resources. - If omitted, the compliance snapshotter Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: Most recently observed state for Tigera compliance reporting. - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} 
diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_egressgateways.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_egressgateways.yaml
deleted file mode 100644
index 74f8a75..0000000
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_egressgateways.yaml
+++ /dev/null
@@ -1,1669 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: egressgateways.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: EgressGateway - listKind: EgressGatewayList - plural: egressgateways - singular: egressgateway - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: EgressGateway is the Schema for the egressgateways API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: EgressGatewaySpec defines the desired state of EgressGateway - properties: - aws: - description: - AWS defines the additional configuration options for - Egress Gateways on AWS. - properties: - elasticIPs: - description: |- - ElasticIPs defines the set of elastic IPs that can be used for Egress Gateway pods. - NativeIP must be Enabled if elastic IPs are set. - items: - type: string - type: array - nativeIP: - description: |- - NativeIP defines if EgressGateway is to use an AWS backed IPPool. - Default: Disabled - enum: - - Enabled - - Disabled - type: string - type: object - egressGatewayFailureDetection: - description: |- - EgressGatewayFailureDetection is used to configure how Egress Gateway - determines readiness. 
If both ICMP, HTTP probes are defined, one ICMP probe and one - HTTP probe should succeed for Egress Gateways to become ready. - Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become - ready if configured. - properties: - healthTimeoutDataStoreSeconds: - default: 90 - description: |- - HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect - to the datastore before reporting not ready. - This value must be greater than 0. - Default: 90 - format: int32 - maximum: 2147483647 - minimum: 1 - type: integer - httpProbe: - description: |- - HTTPProbe define outgoing HTTP probes that Egress Gateway will use to - verify its upsteam connection. Egress Gateway will report not ready if all - fail. Timeout must be greater than interval. - properties: - intervalSeconds: - default: 10 - description: |- - IntervalSeconds defines the interval of HTTP probes. Used when URLs is non-empty. - Default: 10 - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - timeoutSeconds: - default: 30 - description: |- - TimeoutSeconds defines the timeout value of HTTP probes. Used when URLs is non-empty. - Default: 30 - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - urls: - description: |- - URLs define the list of HTTP probe URLs. Egress Gateway will probe each URL - periodically.If all probes fail, Egress Gateway will report non-ready. - items: - type: string - type: array - required: - - urls - type: object - icmpProbe: - description: |- - ICMPProbe define outgoing ICMP probes that Egress Gateway will use to - verify its upstream connection. Egress Gateway will report not ready if all - fail. Timeout must be greater than interval. - properties: - intervalSeconds: - default: 5 - description: |- - IntervalSeconds defines the interval of ICMP probes. Used when IPs is non-empty. 
- Default: 5 - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - ips: - description: |- - IPs define the list of ICMP probe IPs. Egress Gateway will probe each IP - periodically. If all probes fail, Egress Gateway will report non-ready. - items: - type: string - type: array - timeoutSeconds: - default: 15 - description: |- - TimeoutSeconds defines the timeout value of ICMP probes. Used when IPs is non-empty. - Default: 15 - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - required: - - ips - type: object - type: object - externalNetworks: - description: |- - ExternalNetworks defines the external network names this Egress Gateway is - associated with. - ExternalNetworks must match existing external networks. - items: - type: string - type: array - ipPools: - description: |- - IPPools defines the IP Pools that the Egress Gateway pods should be using. - Either name or CIDR must be specified. - IPPools must match existing IPPools. - items: - properties: - cidr: - description: - CIDR is the IPPool CIDR that the Egress Gateways - can use. - type: string - name: - description: - Name is the name of the IPPool that the Egress - Gateways can use. - type: string - type: object - type: array - logSeverity: - default: Info - description: LogSeverity defines the logging level of the Egress Gateway. - enum: - - Fatal - - Error - - Warn - - Info - - Debug - - Trace - type: string - replicas: - default: 1 - description: - Replicas defines how many instances of the Egress Gateway - pod will run. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the EGW Deployment pod that will be - created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. 
Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replica set and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - If not specified will default to projectcalico.org/egw:[name], where [name] is - the name of the Egress Gateway resource. - type: object - type: object - spec: - description: Spec is the EGW Deployment's PodSpec. - properties: - affinity: - description: - Affinity is a group of affinity scheduling rules - for the EGW pods. - properties: - nodeAffinity: - description: - Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. 
- properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of EGW containers. - If specified, this overrides the specified EGW Deployment containers. - If omitted, the EGW Deployment will use its default values for its containers. - items: - description: - EGWDeploymentContainer is a Egress Gateway - Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the EGW Deployment container by name. - Supported values are: egress-gateway - enum: - - egress-gateway - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named EGW Deployment container's resources. - If omitted, the EGW Deployment will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. 
- items: - description: - ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of EGW init containers. - If specified, this overrides the specified EGW Deployment init containers. - If omitted, the EGW Deployment will use its default values for its init containers. 
- items: - description: - EGWDeploymentInitContainer is a Egress Gateway - Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the EGW Deployment init container by name. - Supported values are: egress-gateway-init - enum: - - egress-gateway-init - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named EGW Deployment init container's resources. - If omitted, the EGW Deployment will use its default value for this init container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: - NodeSelector gives more control over the nodes - where the Egress Gateway pods will run on. - type: object - priorityClassName: - description: - PriorityClassName allows to specify a PriorityClass - resource to be used. - type: string - terminationGracePeriodSeconds: - description: - TerminationGracePeriodSeconds defines the termination - grace period of the Egress Gateway pods in seconds. - format: int64 - minimum: 0 - type: integer - tolerations: - description: |- - Tolerations is the egress gateway pod's tolerations. - If specified, this overrides any tolerations that may be set on the EGW Deployment. - If omitted, the EGW Deployment will use its default value for tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. 
Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: - TopologySpreadConstraints defines how the Egress - Gateway pods should be spread across different AZs. - items: - description: - TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. 
- type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. 
- When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - required: - - ipPools - type: object - status: - description: EgressGatewayStatus defines the observed state of EgressGateway - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_gatewayapis.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_gatewayapis.yaml deleted file mode 100644 index 7a8c71c..0000000 
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_gatewayapis.yaml +++ /dev/null 
@@ -1,5465 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: gatewayapis.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: GatewayAPI - listKind: GatewayAPIList - plural: gatewayapis - singular: gatewayapi - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - GatewayAPISpec has fields that can be used to customize our - GatewayAPI support. - properties: - crdManagement: - description: |- - Configures how to manage and update Gateway API CRDs. The default behaviour - which is - used when this field is not set, or is set to "PreferExisting" - is that the Tigera - operator will create the Gateway API CRDs if they do not already exist, but will not - overwrite any existing Gateway API CRDs. This setting may be preferable if the customer - is using other implementations of the Gateway API concurrently with the Gateway API - support in Calico Enterprise. It is then the customer's responsibility to ensure that - CRDs are installed that meet the needs of all the Gateway API implementations in their - cluster. 
- Alternatively, if this field is set to "Reconcile", the Tigera operator will keep the - cluster's Gateway API CRDs aligned with those that it would install on a cluster that - does not yet have any version of those CRDs. - enum: - - Reconcile - - PreferExisting - type: string - envoyGatewayConfigRef: - description: |- - Reference to a custom EnvoyGateway YAML to use as the base EnvoyGateway configuration for - the gateway controller. When specified, must identify a ConfigMap resource with an - "envoy-gateway.yaml" key whose value is the desired EnvoyGateway YAML (i.e. following the - same pattern as the default `envoy-gateway-config` ConfigMap). - When not specified, the Tigera operator uses the `envoy-gateway-config` from the Envoy - Gateway helm chart as its base. - Starting from that base, the Tigera operator copies and modifies the EnvoyGateway - resource as follows: - 1. If not already specified, it sets the ControllerName to - "gateway.envoyproxy.io/gatewayclass-controller". - 2. It configures the `tigera/envoy-gateway` and `tigera/envoy-ratelimit` images that will - be used (according to the current Calico version, private registry and image set - settings) and any pull secrets that are needed to pull those images. - 3. It enables use of the Backend API. - The resulting EnvoyGateway is provisioned as the `envoy-gateway-config` ConfigMap (which - the gateway controller then uses as its config). - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - type: object - gatewayCertgenJob: - description: Allows customization of the gateway certgen job. - properties: - metadata: - description: |- - If non-nil, non-clashing labels and annotations from this metadata are added into the - job's top-level metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. 
Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - GatewayCertgenJobSpec allows customization of the - gateway certgen job spec. - properties: - template: - description: - GatewayCertgenJobPodTemplate allows customization - of the gateway certgen job's pod template. - properties: - metadata: - description: |- - If non-nil, non-clashing labels and annotations from this metadata are added into the - job's pod template. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - GatewayCertgenJobPodSpec allows customization - of the gateway certgen job's pod spec. - properties: - affinity: - description: - If non-nil, Affinity sets the affinity - field of the job's pod template. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. 
A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. 
- properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. 
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - items: - description: |- - GatewayCertgenJobContainer allows customization of the gateway certgen job's resource - requirements. - properties: - name: - enum: - - envoy-gateway-certgen - type: string - resources: - description: |- - If non-nil, Resources sets the ResourceRequirements of the job's "envoy-gateway-certgen" - container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: - If non-nil, NodeSelector sets the node - selector for where job pods may be scheduled. - type: object - tolerations: - description: - If non-nil, Tolerations sets the tolerations - field of the job's pod template. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. 
Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - gatewayClasses: - description: |- - Configures the GatewayClasses that will be available; please see GatewayClassSpec for - more detail. If GatewayClasses is nil, the Tigera operator defaults to provisioning a - single GatewayClass named "tigera-gateway-class", without any of the detailed - customizations that are allowed within GatewayClassSpec. - items: - properties: - envoyProxyRef: - description: |- - Reference to a custom EnvoyProxy resource to use as the base EnvoyProxy configuration for - this GatewayClass. When specified, must identify an EnvoyProxy resource. - When not specified, the Tigera operator uses an empty EnvoyProxy resource as its base. 
- Starting from that base, the Tigera operator copies and modifies the EnvoyProxy resource - as follows, in the order described: - 1. It configures the `tigera/envoy-proxy` image that will be used (according to the - current Calico version, private registry and image set settings) and any pull secrets - that are needed to pull that image. - 2. It applies customizations as specified by the following `GatewayKind`, - `GatewayDeployment`, `GatewayDaemonSet` and `GatewayService` fields. - The resulting EnvoyProxy is provisioned in the `tigera-gateway` namespace, together with - a GatewayClass that references it. - If a custom EnvoyProxy resource is specified and uses `EnvoyDaemonSet` instead of the - default `EnvoyDeployment`, deployment-related customizations will be applied within - `EnvoyDaemonSet` instead of within `EnvoyDeployment`. - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - type: object - gatewayDaemonSet: - description: |- - Allows customization of Gateways when deployed as Kubernetes DaemonSets, for Gateways in - this GatewayClass. - properties: - spec: - description: - GatewayDeploymentSpec allows customization - of the spec of gateway daemonsets. - properties: - template: - description: - GatewayDeploymentPodTemplate allows customization - of the pod template of gateway daemonsets. - properties: - metadata: - description: |- - If non-nil, non-clashing labels and annotations from this metadata are added into each - daemonset's pod template. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. 
Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - GatewayDaemonSetPodSpec allows customization - of the pod spec of gateway daemonsets. - properties: - affinity: - description: - If non-nil, Affinity sets the affinity - field of the daemonset's pod template. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: - A list of node - selector requirements by - node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. 
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by - node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. 
- format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of - node selector terms. The terms - are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by - node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by - node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. 
The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - items: - description: |- - GatewayDaemonSetContainer allows customization of the resource requirements of gateway - daemonsets. - properties: - name: - enum: - - envoy - type: string - resources: - description: |- - If non-nil, Resources sets the ResourceRequirements of the daemonset's "envoy" - container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - If non-nil, NodeSelector sets the node selector for where daemonset pods may be - scheduled. - type: object - tolerations: - description: - If non-nil, Tolerations sets the - tolerations field of the daemonset's pod template. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. 
Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - If non-nil, TopologySpreadConstraints sets the topology spread constraints of the - daemonset's pod template. TopologySpreadConstraints describes how a group of pods ought - to spread across topology domains. Scheduler will schedule pods in a way which abides by - the constraints. All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a - list of label selector requirements. - The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. 
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. 
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - gatewayDeployment: - description: |- - Allows customization of Gateways when deployed as Kubernetes Deployments, for Gateways in - this GatewayClass. - properties: - spec: - description: - GatewayDeploymentSpec allows customization - of the spec of gateway deployments. - properties: - replicas: - description: - If non-nil, Replicas sets the number of - replicas for the deployment. - format: int32 - type: integer - strategy: - description: - The deployment strategy to use to replace - existing pods with new ones. - properties: - rollingUpdate: - description: - Spec to control the desired behavior - of rolling update. 
- properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be scheduled above the desired number of - pods. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 25%. - Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - the rolling update starts, such that the total number of old and new pods do not exceed - 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that total number of pods running - at any time during the update is at most 130% of desired pods. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - that the total number of pods available at all times during the update is at - least 70% of desired pods. - x-kubernetes-int-or-string: true - type: object - type: object - template: - description: - GatewayDeploymentPodTemplate allows customization - of the pod template of gateway deployments. - properties: - metadata: - description: |- - If non-nil, non-clashing labels and annotations from this metadata are added into each - deployment's pod template. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - GatewayDeploymentPodSpec allows customization - of the pod spec of gateway deployments. - properties: - affinity: - description: - If non-nil, Affinity sets the affinity - field of the deployment's pod template. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. 
- properties: - matchExpressions: - description: - A list of node - selector requirements by - node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by - node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of - node selector terms. The terms - are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by - node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by - node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key - is the label key - that the selector - applies to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - items: - description: |- - GatewayDeploymentContainer allows customization of the resource requirements of gateway - deployments. - properties: - name: - enum: - - envoy - type: string - resources: - description: |- - If non-nil, Resources sets the ResourceRequirements of the deployment's "envoy" - container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - If non-nil, NodeSelector sets the node selector for where deployment pods may be - scheduled. - type: object - tolerations: - description: - If non-nil, Tolerations sets the - tolerations field of the deployment's pod - template. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. 
Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - If non-nil, TopologySpreadConstraints sets the topology spread constraints of the - deployment's pod template. TopologySpreadConstraints describes how a group of pods ought - to spread across topology domains. Scheduler will schedule pods in a way which abides by - the constraints. All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a - list of label selector requirements. - The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. 
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. 
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - gatewayKind: - description: |- - Specifies whether Gateways in this class are deployed as Deployments (default) or as - DaemonSets. It is an error for GatewayKind to specify a choice that is incompatible with - the custom EnvoyProxy, when EnvoyProxyRef is also specified. - enum: - - Deployment - - DaemonSet - type: string - gatewayService: - description: - Allows customization of gateway services, for Gateways - in this GatewayClass. - properties: - metadata: - description: |- - If non-nil, non-clashing labels and annotations from this metadata are added into the - each Gateway Service's metadata. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: |- - GatewayServiceSpec allows customization of the services that front gateway deployments. - The LoadBalancer fields allow customization of the corresponding fields in the Kubernetes - ServiceSpec. These can be used for some cloud-independent control of the external load balancer - that is provisioned for each Gateway. For finer-grained cloud-specific control please use - the Metadata.Annotations field in GatewayService. - properties: - allocateLoadBalancerNodePorts: - type: boolean - loadBalancerClass: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - type: object - type: object - name: - description: The name of this GatewayClass. - type: string - required: - - name - type: object - type: array - gatewayControllerDeployment: - description: Allows customization of the gateway controller deployment. - properties: - metadata: - description: |- - If non-nil, non-clashing labels and annotations from this metadata are added into the - deployment's top-level metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. 
- type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - GatewayControllerDeploymentSpec allows customization - of the gateway controller deployment spec. - properties: - minReadySeconds: - description: - If non-nil, MinReadySeconds sets the minReadySeconds - field for the deployment. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - replicas: - description: - If non-nil, Replicas sets the number of replicas - for the deployment. - format: int32 - type: integer - template: - description: |- - GatewayControllerDeploymentPodTemplate allows customization of the gateway controller deployment - pod template. - properties: - metadata: - description: |- - If non-nil, non-clashing labels and annotations from this metadata are added into the - deployment's pod template. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: |- - GatewayControllerDeploymentPodSpec allows customization of the gateway controller deployment pod - spec. - properties: - affinity: - description: - If non-nil, Affinity sets the affinity - field of the deployment's pod template. 
- properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. 
- This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. 
- properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. 
If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. 
- properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. 
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - items: - description: |- - GatewayControllerDeploymentContainer allows customization of the gateway controller's resource - requirements. - properties: - name: - enum: - - envoy-gateway - type: string - resources: - description: |- - If non-nil, Resources sets the ResourceRequirements of the controller's "envoy-gateway" - container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - If non-nil, NodeSelector sets the node selector for where deployment pods may be - scheduled. - type: object - tolerations: - description: - If non-nil, Tolerations sets the tolerations - field of the deployment's pod template. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. 
Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - If non-nil, TopologySpreadConstraints sets the topology spread constraints of the - deployment's pod template. TopologySpreadConstraints describes how a group of pods ought - to spread across topology domains. Scheduler will schedule pods in a way which abides by - the constraints. All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. 
- properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. 
A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. 
- Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. 
If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'default' - rule: self.metadata.name == 'default' || self.metadata.name == 'tigera-secure' - served: true - storage: true diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_goldmanes.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_goldmanes.yaml deleted file mode 100644 index 58f329f..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_goldmanes.yaml +++ /dev/null 
@@ -1,1520 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: goldmanes.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Goldmane - listKind: GoldmaneList - plural: goldmanes - singular: goldmane - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - goldmaneDeployment: - description: - GoldmaneDeployment is the configuration for the goldmane - Deployment. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. 
- type: object - type: object - spec: - description: Spec is the specification of the goldmane Deployment. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the goldmane Deployment. - If omitted, the goldmane Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - strategy: - description: - The deployment strategy to use to replace existing - pods with new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if DeploymentStrategyType = - RollingUpdate. - to be. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be scheduled above the desired number of - pods. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 25%. - Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - the rolling update starts, such that the total number of old and new pods do not exceed - 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that total number of pods running - at any time during the update is at most 130% of desired pods. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. 
- Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - that the total number of pods available at all times during the update is at - least 70% of desired pods. - x-kubernetes-int-or-string: true - type: object - type: object - template: - description: - Template describes the goldmane Deployment pod - that will be created. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the goldmane Deployment's PodSpec. - properties: - affinity: - description: - Affinity is a group of affinity scheduling - rules for the goldmane pods. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of goldmane containers. - If specified, this overrides the specified EGW Deployment containers. - If omitted, the goldmane Deployment will use its default values for its containers. - items: - properties: - name: - enum: - - goldmane - type: string - resources: - description: - ResourceRequirements describes - the compute resource requirements. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: - NodeSelector gives more control over - the nodes where the goldmane pods will run on. - type: object - priorityClassName: - description: - PriorityClassName allows to specify a - PriorityClass resource to be used. - type: string - terminationGracePeriodSeconds: - description: - TerminationGracePeriodSeconds defines - the termination grace period of the goldmane pods - in seconds. - format: int64 - minimum: 0 - type: integer - tolerations: - description: |- - Tolerations is the goldmane pod's tolerations. - If specified, this overrides any tolerations that may be set on the goldmane Deployment. - If omitted, the goldmane Deployment will use its default value for tolerations. 
- items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - TopologySpreadConstraints describes how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. 
- Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
- MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. 
- As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. 
- We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: GoldmaneStatus defines the observed state of Goldmane - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. 
- items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'default' - rule: self.metadata.name == 'default' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_imagesets.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_imagesets.yaml deleted file mode 100644 index 552c7ab..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_imagesets.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: imagesets.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: ImageSet - listKind: ImageSetList - plural: imagesets - singular: imageset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - ImageSet is used to specify image digests for the images that the operator deploys. - The name of the ImageSet is expected to be in the format `-`. - The `variant` used is `enterprise` if the InstallationSpec Variant is - `TigeraSecureEnterprise` otherwise it is `calico`. - The `release` must match the version of the variant that the operator is built to deploy, - this version can be obtained by passing the `--version` flag to the operator binary. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ImageSetSpec defines the desired state of ImageSet. - properties: - images: - description: |- - Images is the list of images to use digests. All images that the operator will deploy - must be specified. - items: - properties: - digest: - description: |- - Digest is the image identifier that will be used for the Image. 
- The field should not include a leading `@` and must be prefixed with `sha256:`. - type: string - image: - description: |- - Image is an image that the operator deploys and instead of using the built in tag - the operator will use the Digest for the image identifier. - The value should be the *original* image name without registry or tag or digest. - For the image `docker.io/calico/node:v3.17.1` it should be represented as `calico/node` - The "Installation" spec allows defining custom image registries, paths or prefixes. - Even for custom images such as example.com/custompath/customprefix-calico-node:v3.17.1, - this value should still be `calico/node`. - type: string - required: - - digest - - image - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_installations.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_installations.yaml deleted file mode 100644 index c51e845..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_installations.yaml +++ /dev/null 
@@ -1,17850 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: installations.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Installation - listKind: InstallationList - plural: installations - singular: installation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Installation configures an installation of Calico or Calico Enterprise. At most one instance - of this resource is supported. It must be named "default". The Installation API installs core networking - and network policy components, and provides general install-time configuration. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - Specification of the desired state for the Calico or Calico - Enterprise installation. - properties: - azure: - description: Azure is used to configure azure provider specific options. - properties: - policyMode: - default: Default - description: |- - PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual. - The Default option adds the "control-plane" label to the required namespaces. 
- The Manual option does not apply the "control-plane" label to any namespace. - Default: Default - enum: - - Default - - Manual - type: string - type: object - calicoKubeControllersDeployment: - description: |- - CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in - conjunction with the deprecated ComponentResources, then these overrides take precedence. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-kube-controllers - Deployment. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. - If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-kube-controllers - Deployment pod that will be created. 
- properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the calico-kube-controllers Deployment's - PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. - If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. - If omitted, the calico-kube-controllers Deployment will use its default value for affinity. - WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-kube-controllers containers. - If specified, this overrides the specified calico-kube-controllers Deployment containers. - If omitted, the calico-kube-controllers Deployment will use its default values for its containers. - items: - description: - CalicoKubeControllersDeploymentContainer - is a calico-kube-controllers Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the calico-kube-controllers Deployment container by name. - Supported values are: calico-kube-controllers, es-calico-kube-controllers - enum: - - calico-kube-controllers - - es-calico-kube-controllers - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-kube-controllers Deployment container's resources. - If omitted, the calico-kube-controllers Deployment will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. 
- properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-kube-controllers pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment - and each of this field's key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-kube-controllers pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. - If omitted, the calico-kube-controllers Deployment will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. 
- If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - calicoNetwork: - description: - CalicoNetwork specifies networking configuration options - for Calico. - properties: - bgp: - description: - BGP configures whether or not to enable Calico's - BGP capabilities. - enum: - - Enabled - - Disabled - type: string - bpfNetworkBootstrap: - description: |- - BPFNetworkBootstrap manages the initial networking setup required to configure the BPF dataplane. - When enabled, the operator tries to bootstraps access to the Kubernetes API Server - by using the Kubernetes service and its associated endpoints. - This field should be enabled only if linuxDataplane is set to "BPF". - If another dataplane is selected, this field must be omitted or explicitly set to Disabled. - When disabled and linuxDataplane is BPF, you must manually provide the Kubernetes API Server - information via the "kubernetes-service-endpoint" ConfigMap. 
It is invalid to use both the ConfigMap - and have this field set to true at the same time. - Default: Disabled - enum: - - Disabled - - Enabled - type: string - containerIPForwarding: - description: |- - ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. - Default: Disabled - enum: - - Enabled - - Disabled - type: string - hostPorts: - description: |- - HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. - Default: Enabled - enum: - - Enabled - - Disabled - type: string - ipPools: - description: |- - IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool - will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead - wait for IP pools to be created out-of-band. - IP pools in this list will be reconciled by the operator and should not be modified out-of-band. - items: - properties: - allowedUses: - description: |- - AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to - ["Tunnel", "Workload"] for back-compatibility - items: - type: string - type: array - assignmentMode: - description: - AssignmentMode determines if IP addresses from - this pool should be assigned automatically or on request - only - type: string - blockSize: - description: |- - BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from - the main IP pool CIDR. - Default: 26 (IPv4), 122 (IPv6) - format: int32 - type: integer - cidr: - description: - CIDR contains the address range for the IP - Pool in classless inter-domain routing format. - type: string - disableBGPExport: - default: false - description: |- - DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP. 
- Default: false - type: boolean - disableNewAllocations: - description: |- - DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. - This is useful when you want to prevent new pods from receiving IP addresses from this pool, without - impacting any existing pods that have already been assigned addresses from this pool. - type: boolean - encapsulation: - description: |- - Encapsulation specifies the encapsulation type that will be used with - the IP Pool. - Default: IPIP - enum: - - IPIPCrossSubnet - - IPIP - - VXLAN - - VXLANCrossSubnet - - None - type: string - name: - description: - Name is the name of the IP pool. If omitted, - this will be generated. - type: string - natOutgoing: - description: |- - NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. - Default: Enabled - enum: - - Enabled - - Disabled - type: string - nodeSelector: - description: |- - NodeSelector specifies the node selector that will be set for the IP Pool. - Default: 'all()' - type: string - required: - - cidr - type: object - maxItems: 25 - type: array - kubeProxyManagement: - description: |- - KubeProxyManagement controls whether the operator manages the kube-proxy DaemonSet. - When enabled, the operator will manage the DaemonSet by patching it: - it disables kube-proxy if the dataplane is BPF, or enables it otherwise. - Default: Disabled - enum: - - Disabled - - Enabled - type: string - linuxDataplane: - description: |- - LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it - causes the operator to add required mounts and environment variables for the particular dataplane. - If not specified, iptables mode is used. - Default: Iptables - enum: - - Iptables - - BPF - - VPP - - Nftables - type: string - linuxPolicySetupTimeoutSeconds: - description: |- - LinuxPolicySetupTimeoutSeconds delays new pods from running containers - until their policy has been programmed in the dataplane. 
- The specified delay defines the maximum amount of time - that the Calico CNI plugin will wait for policy to be programmed. - Only applies to pods created on Linux nodes. - * A value of 0 disables pod startup delays. - Default: 0 - format: int32 - type: integer - mtu: - description: |- - MTU specifies the maximum transmission unit to use on the pod network. - If not specified, Calico will perform MTU auto-detection based on the cluster network. - format: int32 - type: integer - multiInterfaceMode: - description: |- - MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations - using the Calico CNI plugin. - Default: None - enum: - - None - - Multus - type: string - nodeAddressAutodetectionV4: - description: |- - NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, - will use default auto-detection settings to acquire an IPv4 address for each node. - properties: - canReach: - description: |- - CanReach enables IP auto-detection based on which source address on the node is used to reach the - specified IP or domain. - type: string - cidrs: - description: |- - CIDRS enables IP auto-detection based on which addresses on the nodes are within - one of the provided CIDRs. - items: - type: string - type: array - firstFound: - description: |- - FirstFound uses default interface matching parameters to select an interface, performing best-effort - filtering based on well-known interface names. - type: boolean - interface: - description: - Interface enables IP auto-detection based on - interfaces that match the given regex. - type: string - kubernetes: - description: - Kubernetes configures Calico to detect node addresses - based on the Kubernetes API. - enum: - - NodeInternalIP - type: string - skipInterface: - description: |- - SkipInterface enables IP auto-detection based on interfaces that do not match - the given regex. 
- type: string - type: object - nodeAddressAutodetectionV6: - description: |- - NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, - IPv6 addresses will not be auto-detected. - properties: - canReach: - description: |- - CanReach enables IP auto-detection based on which source address on the node is used to reach the - specified IP or domain. - type: string - cidrs: - description: |- - CIDRS enables IP auto-detection based on which addresses on the nodes are within - one of the provided CIDRs. - items: - type: string - type: array - firstFound: - description: |- - FirstFound uses default interface matching parameters to select an interface, performing best-effort - filtering based on well-known interface names. - type: boolean - interface: - description: - Interface enables IP auto-detection based on - interfaces that match the given regex. - type: string - kubernetes: - description: - Kubernetes configures Calico to detect node addresses - based on the Kubernetes API. - enum: - - NodeInternalIP - type: string - skipInterface: - description: |- - SkipInterface enables IP auto-detection based on interfaces that do not match - the given regex. - type: string - type: object - sysctl: - description: Sysctl configures sysctl parameters for tuning plugin - items: - properties: - key: - enum: - - net.ipv4.tcp_keepalive_intvl - - net.ipv4.tcp_keepalive_probes - - net.ipv4.tcp_keepalive_time - type: string - value: - type: string - required: - - key - - value - type: object - type: array - windowsDataplane: - description: |- - WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it - causes the operator to add required mounts and environment variables for the particular dataplane. - If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. 
- Default: Disabled - enum: - - HNS - - Disabled - type: string - type: object - calicoNodeDaemonSet: - description: |- - CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in - conjunction with the deprecated ComponentResources, then these overrides take precedence. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the DaemonSet. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the specification of the calico-node DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet. - If omitted, the calico-node DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-node DaemonSet - pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the calico-node DaemonSet's PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-node pods. - If specified, this overrides any affinity that may be set on the calico-node DaemonSet. - If omitted, the calico-node DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default calico-node DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. 
- items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. 
If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. 
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. 
as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. 
- The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-node containers. - If specified, this overrides the specified calico-node DaemonSet containers. - If omitted, the calico-node DaemonSet will use its default values for its containers. - items: - description: - CalicoNodeDaemonSetContainer is a calico-node - DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node DaemonSet container by name. - Supported values are: calico-node - enum: - - calico-node - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-node DaemonSet container's resources. - If omitted, the calico-node DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. 
- This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - dnsConfig: - description: - DNSConfig allows customization of the - DNS configuration for the calico-node pods. 
- properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: - PodDNSConfigOption defines DNS - resolver options of a pod. - properties: - name: - description: |- - Name is this DNS resolver option's name. - Required. - type: string - value: - description: - Value is this DNS resolver - option's value. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - dnsPolicy: - description: - DNSPolicy is the DNS policy for the calico-node - pods. - enum: - - "" - - Default - - ClusterFirst - - ClusterFirstWithHostNet - - None - type: string - initContainers: - description: |- - InitContainers is a list of calico-node init containers. - If specified, this overrides the specified calico-node DaemonSet init containers. - If omitted, the calico-node DaemonSet will use its default values for its init containers. - items: - description: - CalicoNodeDaemonSetInitContainer is - a calico-node DaemonSet init container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node DaemonSet init container by name. 
- Supported values are: install-cni, hostpath-init, flexvol-driver, ebpf-bootstrap, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner, mount-bpffs (deprecated, replaced by ebpf-bootstrap) - enum: - - install-cni - - hostpath-init - - flexvol-driver - - ebpf-bootstrap - - node-certs-key-cert-provisioner - - calico-node-prometheus-server-tls-key-cert-provisioner - - mount-bpffs - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-node DaemonSet init container's resources. - If omitted, the calico-node DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-node pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-node DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-node pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-node DaemonSet. 
- If omitted, the calico-node DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-node DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - calicoNodeWindowsDaemonSet: - description: - CalicoNodeWindowsDaemonSet configures the calico-node-windows - DaemonSet. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the DaemonSet. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-node-windows - DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. - If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-node-windows DaemonSet - pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. 
Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the calico-node-windows DaemonSet's - PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-node-windows pods. - If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. - If omitted, the calico-node-windows DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. 
- The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-node-windows containers. - If specified, this overrides the specified calico-node-windows DaemonSet containers. - If omitted, the calico-node-windows DaemonSet will use its default values for its containers. - items: - description: - CalicoNodeWindowsDaemonSetContainer - is a calico-node-windows DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node-windows DaemonSet container by name. - Supported values are: node, felix, confd - calico-node-windows is allowed because it was previously allowed. - enum: - - calico-node-windows - - node - - felix - - confd - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named DaemonSet container's resources. - If omitted, the DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. 
- properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of calico-node-windows init containers. - If specified, this overrides the specified calico-node-windows DaemonSet init containers. - If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. - items: - description: - CalicoNodeWindowsDaemonSetInitContainer - is a calico-node-windows DaemonSet init container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node-windows DaemonSet init container by name. - Supported values are: install-cni;hostpath-init, flexvol-driver, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner - enum: - - install-cni - - hostpath-init - - flexvol-driver - - node-certs-key-cert-provisioner - - calico-node-windows-prometheus-server-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-node-windows DaemonSet init container's resources. - If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. 
- properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-node-windows pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. 
- If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-node-windows pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. - If omitted, the calico-node-windows DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. 
- If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - calicoWindowsUpgradeDaemonSet: - description: |- - Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. - CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-windows-upgrade - DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-windows-upgrade - DaemonSet pod that will be created. 
- properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the calico-windows-upgrade DaemonSet's - PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. - If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-windows-upgrade containers. - If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. - If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. - items: - description: - CalicoWindowsUpgradeDaemonSetContainer - is a calico-windows-upgrade DaemonSet container. - properties: - name: - description: - Name is an enum which identifies - the calico-windows-upgrade DaemonSet container - by name. - enum: - - calico-windows-upgrade - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-windows-upgrade DaemonSet container's resources. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. 
It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-windows-upgrade pod's scheduling constraints. 
- If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-windows-upgrade pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). 
Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - certificateManagement: - description: |- - CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1 API in order - to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise - pods will be stuck during initialization. - properties: - caCert: - description: - Certificate of the authority that signs the CertificateSigningRequests - in PEM format. - format: byte - type: string - keyAlgorithm: - description: |- - Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. - Default: RSAWithSize2048 - enum: - - "" - - RSAWithSize2048 - - RSAWithSize4096 - - RSAWithSize8192 - - ECDSAWithCurve256 - - ECDSAWithCurve384 - - ECDSAWithCurve521 - type: string - signatureAlgorithm: - description: |- - Specify the algorithm used for the signature of the X.509 certificate request. - Default: SHA256WithRSA - enum: - - "" - - SHA256WithRSA - - SHA384WithRSA - - SHA512WithRSA - - ECDSAWithSHA256 - - ECDSAWithSHA384 - - ECDSAWithSHA512 - type: string - signerName: - description: |- - When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters - with multiple signers. - Must be formatted as: `/`. - type: string - required: - - caCert - - signerName - type: object - cni: - description: CNI specifies the CNI that will be used by this installation. - properties: - binDir: - description: |- - BinDir is the path to the CNI binaries directory. 
- If you have changed the installation directory for CNI binaries in the container runtime configuration, - please ensure that this field points to the same directory as specified in the container runtime settings. - Default directory depends on the KubernetesProvider. - * For KubernetesProvider GKE, this field defaults to "/home/kubernetes/bin". - * For KubernetesProvider OpenShift, this field defaults to "/var/lib/cni/bin". - * Otherwise, this field defaults to "/opt/cni/bin". - type: string - confDir: - description: |- - ConfDir is the path to the CNI config directory. - If you have changed the installation directory for CNI configuration in the container runtime configuration, - please ensure that this field points to the same directory as specified in the container runtime settings. - Default directory depends on the KubernetesProvider. - * For KubernetesProvider GKE, this field defaults to "/etc/cni/net.d". - * For KubernetesProvider OpenShift, this field defaults to "/var/run/multus/cni/net.d". - * Otherwise, this field defaults to "/etc/cni/net.d". - type: string - ipam: - description: |- - IPAM specifies the pod IP address management that will be used in the Calico or - Calico Enterprise installation. - properties: - type: - description: |- - Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. - * For CNI Plugin Calico, this field defaults to Calico. - * For CNI Plugin GKE, this field defaults to HostLocal. - * For CNI Plugin AzureVNET, this field defaults to AzureVNET. - * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. - The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, - for all other values of the CNI plugin the plugin binaries and CNI config is a dependency - that is expected to be installed separately. 
- Default: Calico - enum: - - Calico - - HostLocal - - AmazonVPC - - AzureVNET - type: string - required: - - type - type: object - type: - description: |- - Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. - * For KubernetesProvider GKE, this field defaults to GKE. - * For KubernetesProvider AKS, this field defaults to AzureVNET. - * For KubernetesProvider EKS, this field defaults to AmazonVPC. - * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. - * For all other cases this field defaults to Calico. - For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, - for all other values the CNI plugin binaries and CNI config is a dependency that is expected - to be installed separately. - Default: Calico - enum: - - Calico - - GKE - - AmazonVPC - - AzureVNET - type: string - required: - - type - type: object - componentResources: - description: |- - Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. - ComponentResources can be used to customize the resource requirements for each component. - Node, Typha, and KubeControllers are supported for installations. - items: - description: |- - Deprecated. Please use component resource config fields in Installation.Spec instead. - The ComponentResource struct associates a ResourceRequirements with a component by name - properties: - componentName: - description: ComponentName is an enum which identifies the component - enum: - - Node - - Typha - - KubeControllers - - NodeWindows - - FelixWindows - - ConfdWindows - type: string - resourceRequirements: - description: - ResourceRequirements allows customization of limits - and requests for compute resources such as cpu and memory. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. 
- This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - componentName - - resourceRequirements - type: object - type: array - controlPlaneNodeSelector: - additionalProperties: - type: string - description: |- - ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico - components. This is globally applied to all resources created by the operator excluding daemonsets. - type: object - controlPlaneReplicas: - description: |- - ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. - This field applies to all control plane components that support High Availability. Defaults to 2. - format: int32 - type: integer - controlPlaneTolerations: - description: |- - ControlPlaneTolerations specify tolerations which are then globally applied to all resources - created by the operator. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. 
- type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - csiNodeDriverDaemonSet: - description: - CSINodeDriverDaemonSet configures the csi-node-driver - DaemonSet. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the DaemonSet. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the csi-node-driver - DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. 
- If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the csi-node-driver DaemonSet - pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the csi-node-driver DaemonSet's PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the csi-node-driver pods. - If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. - If omitted, the csi-node-driver DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of csi-node-driver containers. - If specified, this overrides the specified csi-node-driver DaemonSet containers. - If omitted, the csi-node-driver DaemonSet will use its default values for its containers. - items: - description: - CSINodeDriverDaemonSetContainer is - a csi-node-driver DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the csi-node-driver DaemonSet container by name. - Supported values are: calico-csi, csi-node-driver-registrar. - enum: - - calico-csi - - csi-node-driver-registrar - - csi-node-driver - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named csi-node-driver DaemonSet container's resources. - If omitted, the csi-node-driver DaemonSet will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. 
- This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the csi-node-driver pod's scheduling constraints. 
- If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the csi-node-driver pod's tolerations. - If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. - If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. 
- format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - fipsMode: - description: |- - FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. - Only supported for Variant=Calico. - Default: Disabled - enum: - - Enabled - - Disabled - type: string - flexVolumePath: - description: |- - FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be - enabled by default. If set to 'None', FlexVolume will be disabled. The default is based on the - kubernetesProvider. - type: string - imagePath: - description: |- - ImagePath allows for the path part of an image to be specified. If specified - then the specified value will be used as the image path for each image. If not specified - or empty, the default for each image will be used. - A special case value, UseDefault, is supported to explicitly specify the default - image path will be used for each image. - Image format: - `/:` - This option allows configuring the `` portion of the above format. - type: string - imagePrefix: - description: |- - ImagePrefix allows for the prefix part of an image to be specified. If specified - then the given value will be used as a prefix on each image. If not specified - or empty, no prefix will be used. - A special case value, UseDefault, is supported to explicitly specify the default - image prefix will be used for each image. - Image format: - `/:` - This option allows configuring the `` portion of the above format. - type: string - imagePullSecrets: - description: |- - ImagePullSecrets is an array of references to container registry pull secrets to use. These are - applied to all images to be pulled. 
- items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - kubeletVolumePluginPath: - description: |- - KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, - CSI will be enabled by default. If set to 'None', CSI will be disabled. - Default: /var/lib/kubelet - type: string - kubernetesProvider: - description: |- - KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. - If the specified value is empty, the Operator will attempt to automatically determine the current provider. - If the specified value is not empty, the Operator will still attempt auto-detection, but - will additionally compare the auto-detected value to the specified value to confirm they match. 
- enum: - - "" - - EKS - - GKE - - AKS - - OpenShift - - DockerEnterprise - - RKE2 - - TKG - - Kind - type: string - logging: - description: Logging Configuration for Components - properties: - cni: - description: Customized logging specification for calico-cni plugin - properties: - logFileMaxAgeDays: - description: "Default: 30 (days)" - format: int32 - type: integer - logFileMaxCount: - description: "Default: 10" - format: int32 - type: integer - logFileMaxSize: - anyOf: - - type: integer - - type: string - description: "Default: 100Mi" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - logSeverity: - description: "Default: Info" - enum: - - Error - - Warning - - Info - - Debug - type: string - type: object - type: object - nodeMetricsPort: - description: |- - NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. - If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then - prometheus metrics may still be configured through FelixConfiguration. - format: int32 - type: integer - nodeUpdateStrategy: - description: |- - NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable - field. - properties: - rollingUpdate: - description: - Rolling update config params. Present only if type - = "RollingUpdate". - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of nodes with an existing available DaemonSet pod that - can have an updated DaemonSet pod during during an update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up to a minimum of 1. - Default value is 0. 
- Example: when this is set to 30%, at most 30% of the total number of nodes - that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their a new pod created before the old pod is marked as deleted. - The update starts by launching new pods on 30% of nodes. Once an updated - pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - on that node is marked deleted. If the old pod becomes unavailable for any - reason (Ready transitions to false, is evicted, or is drained) an updated - pod is immediately created on that node without considering surge limits. - Allowing surge implies the possibility that the resources consumed by the - daemonset on any given node can double if the readiness check fails, and - so resource intensive daemonsets should take into account that they may - cause evictions during disruption. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of DaemonSet pods that can be unavailable during the - update. Value can be an absolute number (ex: 5) or a percentage of total - number of DaemonSet pods at the start of the update (ex: 10%). Absolute - number is calculated from percentage by rounding up. - This cannot be 0 if MaxSurge is 0 - Default value is 1. - Example: when this is set to 30%, at most 30% of the total number of nodes - that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given time. The update - starts by stopping at most 30% of those DaemonSet pods and then brings - up new DaemonSet pods in their place. Once the new pods are available, - it then proceeds onto other DaemonSet pods, thus ensuring that at least - 70% of original number of DaemonSet pods are available at all times during - the update. - x-kubernetes-int-or-string: true - type: object - type: - description: - Type of daemon set update. 
Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - nonPrivileged: - description: |- - Deprecated. NonPrivileged is deprecated and will be removed from the API in a future release. - Enabling this field is not supported and will cause errors. - NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. - type: string - proxy: - description: |- - Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect - to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within - the cluster (including the API server) are exempt from proxying. - properties: - httpProxy: - description: |- - HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to - destinations outside the cluster. - type: string - httpsProxy: - description: |- - HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to - destinations outside the cluster. - type: string - noProxy: - description: |- - NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to - destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including - the Kubernetes API server, are exempt from being proxied. - type: string - type: object - registry: - description: |- - Registry is the default Docker registry used for component Docker images. - If specified then the given value must end with a slash character (`/`) and all images will be pulled from this registry. - If not specified then the default registries will be used. A special case value, UseDefault, is - supported to explicitly specify the default registries will be used. 
- Image format: - `/:` - This option allows configuring the `` portion of the above format. - type: string - serviceCIDRs: - description: - Kubernetes Service CIDRs. Specifying this is required - when using Calico for Windows. - items: - type: string - type: array - tlsCipherSuites: - description: - TLSCipherSuites defines the cipher suite list that the - TLS protocol should use during secure communication. - items: - properties: - name: - description: This should be a valid TLS cipher suite name. - enum: - - TLS_AES_256_GCM_SHA384 - - TLS_CHACHA20_POLY1305_SHA256 - - TLS_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_RSA_WITH_AES_256_GCM_SHA384 - - TLS_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - type: string - type: object - type: array - typhaAffinity: - description: |- - Deprecated. Please use Installation.Spec.TyphaDeployment instead. - TyphaAffinity allows configuration of node affinity characteristics for Typha pods. - properties: - nodeAffinity: - description: - NodeAffinity describes node affinity scheduling rules - for typha. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated with the - corresponding weight. 
- properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - WARNING: Please note that if the affinity requirements specified by this field are not met at - scheduling time, the pod will NOT be scheduled onto the node. - There is no fallback to another affinity rules with this setting. - This may cause networking disruption or even catastrophic failure! - PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity - unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and - you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. - NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, - to avoid scheduling Typhas on virtual-nodes. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - type: object - typhaDeployment: - description: |- - TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated - ComponentResources or TyphaAffinity, then these overrides take precedence. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the specification of the typha Deployment. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the typha Deployment. - If omitted, the typha Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - strategy: - description: - The deployment strategy to use to replace existing - pods with new ones. 
- properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if DeploymentStrategyType = - RollingUpdate. - to be. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be scheduled above the desired number of - pods. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 25%. - Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - the rolling update starts, such that the total number of old and new pods do not exceed - 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that total number of pods running - at any time during the update is at most 130% of desired pods. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - that the total number of pods available at all times during the update is at - least 70% of desired pods. - x-kubernetes-int-or-string: true - type: object - type: object - template: - description: - Template describes the typha Deployment pod that - will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the typha Deployment's PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the typha pods. - If specified, this overrides any affinity that may be set on the typha Deployment. - If omitted, the typha Deployment will use its default value for affinity. - If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence. - WARNING: Please note that this field will override the default calico-typha Deployment affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. 
- items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. 
If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. 
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. 
as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. 
- The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of typha containers. - If specified, this overrides the specified typha Deployment containers. - If omitted, the typha Deployment will use its default values for its containers. - items: - description: - TyphaDeploymentContainer is a typha - Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the typha Deployment container by name. - Supported values are: calico-typha - enum: - - calico-typha - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named typha Deployment container's resources. - If omitted, the typha Deployment will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. 
It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of typha init containers. - If specified, this overrides the specified typha Deployment init containers. 
- If omitted, the typha Deployment will use its default values for its init containers. - items: - description: - TyphaDeploymentInitContainer is a typha - Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the typha Deployment init container by name. - Supported values are: typha-certs-key-cert-provisioner - enum: - - typha-certs-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named typha Deployment init container's resources. - If omitted, the typha Deployment will use its default value for this init container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-typha pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-typha Deployment will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector. - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - Value must be non-negative integer. 
The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - If this value is nil, the default grace period will be used instead. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - Defaults to 30 seconds. - format: int64 - type: integer - tolerations: - description: |- - Tolerations is the typha pod's tolerations. - If specified, this overrides any tolerations that may be set on the typha Deployment. - If omitted, the typha Deployment will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-typha Deployment tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). 
Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - TopologySpreadConstraints describes how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. 
- | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. 
Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. 
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - typhaMetricsPort: - description: - TyphaMetricsPort specifies which port calico/typha serves - prometheus metrics on. By default, metrics are not enabled. - format: int32 - type: integer - variant: - description: |- - Variant is the product to install - one of Calico or TigeraSecureEnterprise - Default: Calico - enum: - - Calico - - TigeraSecureEnterprise - type: string - windowsNodes: - description: Windows Configuration - properties: - cniBinDir: - description: |- - CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as 'bin_dir' under - [plugins] - [plugins."io.containerd.grpc.v1.cri"] - [plugins."io.containerd.grpc.v1.cri".cni] - on the containerd 'config.toml' file on the Windows nodes. - type: string - cniConfigDir: - description: |- - CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as 'conf_dir' under - [plugins] - [plugins."io.containerd.grpc.v1.cri"] - [plugins."io.containerd.grpc.v1.cri".cni] - on the containerd 'config.toml' file on the Windows nodes. - type: string - cniLogDir: - description: - CNILogDir is the path to the Calico CNI logs directory - on Windows. 
- type: string - vxlanAdapter: - description: - VXLANAdapter is the Network Adapter used for VXLAN, - leave blank for primary NIC - type: string - vxlanMACPrefix: - description: - VXLANMACPrefix is the prefix used when generating - MAC addresses for virtual NICs - pattern: ^[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}$ - type: string - type: object - type: object - status: - description: - Most recently observed state for the Calico or Calico Enterprise - installation. - properties: - calicoVersion: - description: |- - CalicoVersion shows the current running version of calico. - CalicoVersion along with Variant is needed to know the exact - version deployed. - type: string - computed: - description: - Computed is the final installation including overlaid - resources. - properties: - azure: - description: - Azure is used to configure azure provider specific - options. - properties: - policyMode: - default: Default - description: |- - PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual. - The Default option adds the "control-plane" label to the required namespaces. - The Manual option does not apply the "control-plane" label to any namespace. - Default: Default - enum: - - Default - - Manual - type: string - type: object - calicoKubeControllersDeployment: - description: |- - CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in - conjunction with the deprecated ComponentResources, then these overrides take precedence. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. 
- type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-kube-controllers - Deployment. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. - If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-kube-controllers - Deployment pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the calico-kube-controllers Deployment's - PodSpec. 
- properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. - If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. - If omitted, the calico-kube-controllers Deployment will use its default value for affinity. - WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. 
- type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. 
The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-kube-controllers containers. - If specified, this overrides the specified calico-kube-controllers Deployment containers. - If omitted, the calico-kube-controllers Deployment will use its default values for its containers. - items: - description: - CalicoKubeControllersDeploymentContainer - is a calico-kube-controllers Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the calico-kube-controllers Deployment container by name. - Supported values are: calico-kube-controllers, es-calico-kube-controllers - enum: - - calico-kube-controllers - - es-calico-kube-controllers - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-kube-controllers Deployment container's resources. - If omitted, the calico-kube-controllers Deployment will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. 
It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-kube-controllers pod's scheduling constraints. 
- If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment - and each of this field's key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-kube-controllers pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. - If omitted, the calico-kube-controllers Deployment will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. 
- type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - calicoNetwork: - description: - CalicoNetwork specifies networking configuration - options for Calico. - properties: - bgp: - description: - BGP configures whether or not to enable Calico's - BGP capabilities. - enum: - - Enabled - - Disabled - type: string - bpfNetworkBootstrap: - description: |- - BPFNetworkBootstrap manages the initial networking setup required to configure the BPF dataplane. - When enabled, the operator tries to bootstraps access to the Kubernetes API Server - by using the Kubernetes service and its associated endpoints. - This field should be enabled only if linuxDataplane is set to "BPF". - If another dataplane is selected, this field must be omitted or explicitly set to Disabled. - When disabled and linuxDataplane is BPF, you must manually provide the Kubernetes API Server - information via the "kubernetes-service-endpoint" ConfigMap. It is invalid to use both the ConfigMap - and have this field set to true at the same time. - Default: Disabled - enum: - - Disabled - - Enabled - type: string - containerIPForwarding: - description: |- - ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. 
- Default: Disabled - enum: - - Enabled - - Disabled - type: string - hostPorts: - description: |- - HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. - Default: Enabled - enum: - - Enabled - - Disabled - type: string - ipPools: - description: |- - IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool - will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead - wait for IP pools to be created out-of-band. - IP pools in this list will be reconciled by the operator and should not be modified out-of-band. - items: - properties: - allowedUses: - description: |- - AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to - ["Tunnel", "Workload"] for back-compatibility - items: - type: string - type: array - assignmentMode: - description: - AssignmentMode determines if IP addresses - from this pool should be assigned automatically or - on request only - type: string - blockSize: - description: |- - BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from - the main IP pool CIDR. - Default: 26 (IPv4), 122 (IPv6) - format: int32 - type: integer - cidr: - description: - CIDR contains the address range for the - IP Pool in classless inter-domain routing format. - type: string - disableBGPExport: - default: false - description: |- - DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP. - Default: false - type: boolean - disableNewAllocations: - description: |- - DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. - This is useful when you want to prevent new pods from receiving IP addresses from this pool, without - impacting any existing pods that have already been assigned addresses from this pool. 
- type: boolean - encapsulation: - description: |- - Encapsulation specifies the encapsulation type that will be used with - the IP Pool. - Default: IPIP - enum: - - IPIPCrossSubnet - - IPIP - - VXLAN - - VXLANCrossSubnet - - None - type: string - name: - description: - Name is the name of the IP pool. If omitted, - this will be generated. - type: string - natOutgoing: - description: |- - NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. - Default: Enabled - enum: - - Enabled - - Disabled - type: string - nodeSelector: - description: |- - NodeSelector specifies the node selector that will be set for the IP Pool. - Default: 'all()' - type: string - required: - - cidr - type: object - maxItems: 25 - type: array - kubeProxyManagement: - description: |- - KubeProxyManagement controls whether the operator manages the kube-proxy DaemonSet. - When enabled, the operator will manage the DaemonSet by patching it: - it disables kube-proxy if the dataplane is BPF, or enables it otherwise. - Default: Disabled - enum: - - Disabled - - Enabled - type: string - linuxDataplane: - description: |- - LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it - causes the operator to add required mounts and environment variables for the particular dataplane. - If not specified, iptables mode is used. - Default: Iptables - enum: - - Iptables - - BPF - - VPP - - Nftables - type: string - linuxPolicySetupTimeoutSeconds: - description: |- - LinuxPolicySetupTimeoutSeconds delays new pods from running containers - until their policy has been programmed in the dataplane. - The specified delay defines the maximum amount of time - that the Calico CNI plugin will wait for policy to be programmed. - Only applies to pods created on Linux nodes. - * A value of 0 disables pod startup delays. - Default: 0 - format: int32 - type: integer - mtu: - description: |- - MTU specifies the maximum transmission unit to use on the pod network. 
- If not specified, Calico will perform MTU auto-detection based on the cluster network. - format: int32 - type: integer - multiInterfaceMode: - description: |- - MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations - using the Calico CNI plugin. - Default: None - enum: - - None - - Multus - type: string - nodeAddressAutodetectionV4: - description: |- - NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, - will use default auto-detection settings to acquire an IPv4 address for each node. - properties: - canReach: - description: |- - CanReach enables IP auto-detection based on which source address on the node is used to reach the - specified IP or domain. - type: string - cidrs: - description: |- - CIDRS enables IP auto-detection based on which addresses on the nodes are within - one of the provided CIDRs. - items: - type: string - type: array - firstFound: - description: |- - FirstFound uses default interface matching parameters to select an interface, performing best-effort - filtering based on well-known interface names. - type: boolean - interface: - description: - Interface enables IP auto-detection based - on interfaces that match the given regex. - type: string - kubernetes: - description: - Kubernetes configures Calico to detect node - addresses based on the Kubernetes API. - enum: - - NodeInternalIP - type: string - skipInterface: - description: |- - SkipInterface enables IP auto-detection based on interfaces that do not match - the given regex. - type: string - type: object - nodeAddressAutodetectionV6: - description: |- - NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, - IPv6 addresses will not be auto-detected. 
- properties: - canReach: - description: |- - CanReach enables IP auto-detection based on which source address on the node is used to reach the - specified IP or domain. - type: string - cidrs: - description: |- - CIDRS enables IP auto-detection based on which addresses on the nodes are within - one of the provided CIDRs. - items: - type: string - type: array - firstFound: - description: |- - FirstFound uses default interface matching parameters to select an interface, performing best-effort - filtering based on well-known interface names. - type: boolean - interface: - description: - Interface enables IP auto-detection based - on interfaces that match the given regex. - type: string - kubernetes: - description: - Kubernetes configures Calico to detect node - addresses based on the Kubernetes API. - enum: - - NodeInternalIP - type: string - skipInterface: - description: |- - SkipInterface enables IP auto-detection based on interfaces that do not match - the given regex. - type: string - type: object - sysctl: - description: - Sysctl configures sysctl parameters for tuning - plugin - items: - properties: - key: - enum: - - net.ipv4.tcp_keepalive_intvl - - net.ipv4.tcp_keepalive_probes - - net.ipv4.tcp_keepalive_time - type: string - value: - type: string - required: - - key - - value - type: object - type: array - windowsDataplane: - description: |- - WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it - causes the operator to add required mounts and environment variables for the particular dataplane. - If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. - Default: Disabled - enum: - - HNS - - Disabled - type: string - type: object - calicoNodeDaemonSet: - description: |- - CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in - conjunction with the deprecated ComponentResources, then these overrides take precedence. 
- properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the DaemonSet. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-node - DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet. - If omitted, the calico-node DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-node DaemonSet - pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. 
- type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the calico-node DaemonSet's PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-node pods. - If specified, this overrides any affinity that may be set on the calico-node DaemonSet. - If omitted, the calico-node DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default calico-node DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. 
- properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-node containers. - If specified, this overrides the specified calico-node DaemonSet containers. - If omitted, the calico-node DaemonSet will use its default values for its containers. - items: - description: - CalicoNodeDaemonSetContainer is - a calico-node DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node DaemonSet container by name. - Supported values are: calico-node - enum: - - calico-node - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-node DaemonSet container's resources. - If omitted, the calico-node DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. 
- This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - dnsConfig: - description: - DNSConfig allows customization of - the DNS configuration for the calico-node pods. 
- properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: - PodDNSConfigOption defines - DNS resolver options of a pod. - properties: - name: - description: |- - Name is this DNS resolver option's name. - Required. - type: string - value: - description: - Value is this DNS resolver - option's value. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - dnsPolicy: - description: - DNSPolicy is the DNS policy for the - calico-node pods. - enum: - - "" - - Default - - ClusterFirst - - ClusterFirstWithHostNet - - None - type: string - initContainers: - description: |- - InitContainers is a list of calico-node init containers. - If specified, this overrides the specified calico-node DaemonSet init containers. - If omitted, the calico-node DaemonSet will use its default values for its init containers. - items: - description: - CalicoNodeDaemonSetInitContainer - is a calico-node DaemonSet init container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node DaemonSet init container by name. 
- Supported values are: install-cni, hostpath-init, flexvol-driver, ebpf-bootstrap, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner, mount-bpffs (deprecated, replaced by ebpf-bootstrap) - enum: - - install-cni - - hostpath-init - - flexvol-driver - - ebpf-bootstrap - - node-certs-key-cert-provisioner - - calico-node-prometheus-server-tls-key-cert-provisioner - - mount-bpffs - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-node DaemonSet init container's resources. - If omitted, the calico-node DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-node pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-node DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-node pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-node DaemonSet. 
- If omitted, the calico-node DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-node DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - calicoNodeWindowsDaemonSet: - description: - CalicoNodeWindowsDaemonSet configures the calico-node-windows - DaemonSet. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the DaemonSet. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-node-windows - DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. - If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-node-windows - DaemonSet pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. 
Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the calico-node-windows DaemonSet's - PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-node-windows pods. - If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. - If omitted, the calico-node-windows DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-node-windows containers. - If specified, this overrides the specified calico-node-windows DaemonSet containers. - If omitted, the calico-node-windows DaemonSet will use its default values for its containers. - items: - description: - CalicoNodeWindowsDaemonSetContainer - is a calico-node-windows DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node-windows DaemonSet container by name. - Supported values are: node, felix, confd - calico-node-windows is allowed because it was previously allowed. - enum: - - calico-node-windows - - node - - felix - - confd - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named DaemonSet container's resources. - If omitted, the DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. 
- properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of calico-node-windows init containers. - If specified, this overrides the specified calico-node-windows DaemonSet init containers. - If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. - items: - description: - CalicoNodeWindowsDaemonSetInitContainer - is a calico-node-windows DaemonSet init container. - properties: - name: - description: |- - Name is an enum which identifies the calico-node-windows DaemonSet init container by name. - Supported values are: install-cni;hostpath-init, flexvol-driver, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner - enum: - - install-cni - - hostpath-init - - flexvol-driver - - node-certs-key-cert-provisioner - - calico-node-windows-prometheus-server-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-node-windows DaemonSet init container's resources. - If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. 
- properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-node-windows pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. 
- If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-node-windows pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. - If omitted, the calico-node-windows DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. 
- If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - calicoWindowsUpgradeDaemonSet: - description: |- - Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. - CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the calico-windows-upgrade - DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the calico-windows-upgrade - DaemonSet pod that will be created. 
- properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the calico-windows-upgrade DaemonSet's - PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. - If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of calico-windows-upgrade containers. - If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. - If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. - items: - description: - CalicoWindowsUpgradeDaemonSetContainer - is a calico-windows-upgrade DaemonSet container. - properties: - name: - description: - Name is an enum which identifies - the calico-windows-upgrade DaemonSet container - by name. - enum: - - calico-windows-upgrade - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named calico-windows-upgrade DaemonSet container's resources. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. 
It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-windows-upgrade pod's scheduling constraints. 
- If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the calico-windows-upgrade pod's tolerations. - If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. - If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). 
Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - certificateManagement: - description: |- - CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1 API in order - to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise - pods will be stuck during initialization. - properties: - caCert: - description: - Certificate of the authority that signs the CertificateSigningRequests - in PEM format. - format: byte - type: string - keyAlgorithm: - description: |- - Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. - Default: RSAWithSize2048 - enum: - - "" - - RSAWithSize2048 - - RSAWithSize4096 - - RSAWithSize8192 - - ECDSAWithCurve256 - - ECDSAWithCurve384 - - ECDSAWithCurve521 - type: string - signatureAlgorithm: - description: |- - Specify the algorithm used for the signature of the X.509 certificate request. - Default: SHA256WithRSA - enum: - - "" - - SHA256WithRSA - - SHA384WithRSA - - SHA512WithRSA - - ECDSAWithSHA256 - - ECDSAWithSHA384 - - ECDSAWithSHA512 - type: string - signerName: - description: |- - When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters - with multiple signers. - Must be formatted as: `/`. - type: string - required: - - caCert - - signerName - type: object - cni: - description: CNI specifies the CNI that will be used by this installation. - properties: - binDir: - description: |- - BinDir is the path to the CNI binaries directory. 
- If you have changed the installation directory for CNI binaries in the container runtime configuration, - please ensure that this field points to the same directory as specified in the container runtime settings. - Default directory depends on the KubernetesProvider. - * For KubernetesProvider GKE, this field defaults to "/home/kubernetes/bin". - * For KubernetesProvider OpenShift, this field defaults to "/var/lib/cni/bin". - * Otherwise, this field defaults to "/opt/cni/bin". - type: string - confDir: - description: |- - ConfDir is the path to the CNI config directory. - If you have changed the installation directory for CNI configuration in the container runtime configuration, - please ensure that this field points to the same directory as specified in the container runtime settings. - Default directory depends on the KubernetesProvider. - * For KubernetesProvider GKE, this field defaults to "/etc/cni/net.d". - * For KubernetesProvider OpenShift, this field defaults to "/var/run/multus/cni/net.d". - * Otherwise, this field defaults to "/etc/cni/net.d". - type: string - ipam: - description: |- - IPAM specifies the pod IP address management that will be used in the Calico or - Calico Enterprise installation. - properties: - type: - description: |- - Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. - * For CNI Plugin Calico, this field defaults to Calico. - * For CNI Plugin GKE, this field defaults to HostLocal. - * For CNI Plugin AzureVNET, this field defaults to AzureVNET. - * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. - The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, - for all other values of the CNI plugin the plugin binaries and CNI config is a dependency - that is expected to be installed separately. 
- Default: Calico - enum: - - Calico - - HostLocal - - AmazonVPC - - AzureVNET - type: string - required: - - type - type: object - type: - description: |- - Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. - * For KubernetesProvider GKE, this field defaults to GKE. - * For KubernetesProvider AKS, this field defaults to AzureVNET. - * For KubernetesProvider EKS, this field defaults to AmazonVPC. - * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. - * For all other cases this field defaults to Calico. - For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, - for all other values the CNI plugin binaries and CNI config is a dependency that is expected - to be installed separately. - Default: Calico - enum: - - Calico - - GKE - - AmazonVPC - - AzureVNET - type: string - required: - - type - type: object - componentResources: - description: |- - Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. - ComponentResources can be used to customize the resource requirements for each component. - Node, Typha, and KubeControllers are supported for installations. - items: - description: |- - Deprecated. Please use component resource config fields in Installation.Spec instead. - The ComponentResource struct associates a ResourceRequirements with a component by name - properties: - componentName: - description: - ComponentName is an enum which identifies the - component - enum: - - Node - - Typha - - KubeControllers - - NodeWindows - - FelixWindows - - ConfdWindows - type: string - resourceRequirements: - description: - ResourceRequirements allows customization of - limits and requests for compute resources such as cpu - and memory. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. 
- This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - componentName - - resourceRequirements - type: object - type: array - controlPlaneNodeSelector: - additionalProperties: - type: string - description: |- - ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico - components. This is globally applied to all resources created by the operator excluding daemonsets. - type: object - controlPlaneReplicas: - description: |- - ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. - This field applies to all control plane components that support High Availability. Defaults to 2. - format: int32 - type: integer - controlPlaneTolerations: - description: |- - ControlPlaneTolerations specify tolerations which are then globally applied to all resources - created by the operator. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. 
- type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - csiNodeDriverDaemonSet: - description: - CSINodeDriverDaemonSet configures the csi-node-driver - DaemonSet. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the DaemonSet. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the specification of the csi-node-driver - DaemonSet. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. 
- If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - template: - description: - Template describes the csi-node-driver DaemonSet - pod that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: - Spec is the csi-node-driver DaemonSet's - PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the csi-node-driver pods. - If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. - If omitted, the csi-node-driver DaemonSet will use its default value for affinity. - WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of csi-node-driver containers. - If specified, this overrides the specified csi-node-driver DaemonSet containers. - If omitted, the csi-node-driver DaemonSet will use its default values for its containers. - items: - description: - CSINodeDriverDaemonSetContainer - is a csi-node-driver DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the csi-node-driver DaemonSet container by name. - Supported values are: calico-csi, csi-node-driver-registrar. - enum: - - calico-csi - - csi-node-driver-registrar - - csi-node-driver - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named csi-node-driver DaemonSet container's resources. - If omitted, the csi-node-driver DaemonSet will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. 
- This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the csi-node-driver pod's scheduling constraints. 
- If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector. - type: object - tolerations: - description: |- - Tolerations is the csi-node-driver pod's tolerations. - If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. - If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. - WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. 
- format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - fipsMode: - description: |- - FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. - Only supported for Variant=Calico. - Default: Disabled - enum: - - Enabled - - Disabled - type: string - flexVolumePath: - description: |- - FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be - enabled by default. If set to 'None', FlexVolume will be disabled. The default is based on the - kubernetesProvider. - type: string - imagePath: - description: |- - ImagePath allows for the path part of an image to be specified. If specified - then the specified value will be used as the image path for each image. If not specified - or empty, the default for each image will be used. - A special case value, UseDefault, is supported to explicitly specify the default - image path will be used for each image. - Image format: - `/:` - This option allows configuring the `` portion of the above format. - type: string - imagePrefix: - description: |- - ImagePrefix allows for the prefix part of an image to be specified. If specified - then the given value will be used as a prefix on each image. If not specified - or empty, no prefix will be used. - A special case value, UseDefault, is supported to explicitly specify the default - image prefix will be used for each image. - Image format: - `/:` - This option allows configuring the `` portion of the above format. - type: string - imagePullSecrets: - description: |- - ImagePullSecrets is an array of references to container registry pull secrets to use. These are - applied to all images to be pulled. 
- items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - kubeletVolumePluginPath: - description: |- - KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, - CSI will be enabled by default. If set to 'None', CSI will be disabled. - Default: /var/lib/kubelet - type: string - kubernetesProvider: - description: |- - KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. - If the specified value is empty, the Operator will attempt to automatically determine the current provider. - If the specified value is not empty, the Operator will still attempt auto-detection, but - will additionally compare the auto-detected value to the specified value to confirm they match. 
- enum: - - "" - - EKS - - GKE - - AKS - - OpenShift - - DockerEnterprise - - RKE2 - - TKG - - Kind - type: string - logging: - description: Logging Configuration for Components - properties: - cni: - description: - Customized logging specification for calico-cni - plugin - properties: - logFileMaxAgeDays: - description: "Default: 30 (days)" - format: int32 - type: integer - logFileMaxCount: - description: "Default: 10" - format: int32 - type: integer - logFileMaxSize: - anyOf: - - type: integer - - type: string - description: "Default: 100Mi" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - logSeverity: - description: "Default: Info" - enum: - - Error - - Warning - - Info - - Debug - type: string - type: object - type: object - nodeMetricsPort: - description: |- - NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. - If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then - prometheus metrics may still be configured through FelixConfiguration. - format: int32 - type: integer - nodeUpdateStrategy: - description: |- - NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable - field. - properties: - rollingUpdate: - description: - Rolling update config params. Present only if - type = "RollingUpdate". - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of nodes with an existing available DaemonSet pod that - can have an updated DaemonSet pod during during an update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up to a minimum of 1. - Default value is 0. 
- Example: when this is set to 30%, at most 30% of the total number of nodes - that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their a new pod created before the old pod is marked as deleted. - The update starts by launching new pods on 30% of nodes. Once an updated - pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - on that node is marked deleted. If the old pod becomes unavailable for any - reason (Ready transitions to false, is evicted, or is drained) an updated - pod is immediately created on that node without considering surge limits. - Allowing surge implies the possibility that the resources consumed by the - daemonset on any given node can double if the readiness check fails, and - so resource intensive daemonsets should take into account that they may - cause evictions during disruption. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of DaemonSet pods that can be unavailable during the - update. Value can be an absolute number (ex: 5) or a percentage of total - number of DaemonSet pods at the start of the update (ex: 10%). Absolute - number is calculated from percentage by rounding up. - This cannot be 0 if MaxSurge is 0 - Default value is 1. - Example: when this is set to 30%, at most 30% of the total number of nodes - that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given time. The update - starts by stopping at most 30% of those DaemonSet pods and then brings - up new DaemonSet pods in their place. Once the new pods are available, - it then proceeds onto other DaemonSet pods, thus ensuring that at least - 70% of original number of DaemonSet pods are available at all times during - the update. - x-kubernetes-int-or-string: true - type: object - type: - description: - Type of daemon set update. 
Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - nonPrivileged: - description: |- - Deprecated. NonPrivileged is deprecated and will be removed from the API in a future release. - Enabling this field is not supported and will cause errors. - NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. - type: string - proxy: - description: |- - Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect - to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within - the cluster (including the API server) are exempt from proxying. - properties: - httpProxy: - description: |- - HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to - destinations outside the cluster. - type: string - httpsProxy: - description: |- - HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to - destinations outside the cluster. - type: string - noProxy: - description: |- - NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to - destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including - the Kubernetes API server, are exempt from being proxied. - type: string - type: object - registry: - description: |- - Registry is the default Docker registry used for component Docker images. - If specified then the given value must end with a slash character (`/`) and all images will be pulled from this registry. - If not specified then the default registries will be used. A special case value, UseDefault, is - supported to explicitly specify the default registries will be used. 
- Image format: - `/:` - This option allows configuring the `` portion of the above format. - type: string - serviceCIDRs: - description: - Kubernetes Service CIDRs. Specifying this is required - when using Calico for Windows. - items: - type: string - type: array - tlsCipherSuites: - description: - TLSCipherSuites defines the cipher suite list that - the TLS protocol should use during secure communication. - items: - properties: - name: - description: This should be a valid TLS cipher suite name. - enum: - - TLS_AES_256_GCM_SHA384 - - TLS_CHACHA20_POLY1305_SHA256 - - TLS_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_RSA_WITH_AES_256_GCM_SHA384 - - TLS_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - type: string - type: object - type: array - typhaAffinity: - description: |- - Deprecated. Please use Installation.Spec.TyphaDeployment instead. - TyphaAffinity allows configuration of node affinity characteristics for Typha pods. - properties: - nodeAffinity: - description: - NodeAffinity describes node affinity scheduling - rules for typha. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated with - the corresponding weight. 
- properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - WARNING: Please note that if the affinity requirements specified by this field are not met at - scheduling time, the pod will NOT be scheduled onto the node. - There is no fallback to another affinity rules with this setting. - This may cause networking disruption or even catastrophic failure! - PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity - unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and - you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. - NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, - to avoid scheduling Typhas on virtual-nodes. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - type: object - typhaDeployment: - description: |- - TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated - ComponentResources or TyphaAffinity, then these overrides take precedence. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the specification of the typha Deployment. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the typha Deployment. - If omitted, the typha Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - strategy: - description: - The deployment strategy to use to replace - existing pods with new ones. 
- properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if DeploymentStrategyType = - RollingUpdate. - to be. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be scheduled above the desired number of - pods. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 25%. - Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - the rolling update starts, such that the total number of old and new pods do not exceed - 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that total number of pods running - at any time during the update is at most 130% of desired pods. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - that the total number of pods available at all times during the update is at - least 70% of desired pods. - x-kubernetes-int-or-string: true - type: object - type: object - template: - description: - Template describes the typha Deployment pod - that will be created. - properties: - metadata: - description: |- - Metadata is a subset of a Kubernetes object's metadata that is added to - the pod's metadata. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the typha Deployment's PodSpec. - properties: - affinity: - description: |- - Affinity is a group of affinity scheduling rules for the typha pods. - If specified, this overrides any affinity that may be set on the typha Deployment. - If omitted, the typha Deployment will use its default value for affinity. - If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence. - WARNING: Please note that this field will override the default calico-typha Deployment affinity. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. 
- items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. 
If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node - selector requirements by node's - labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. 
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node - selector requirements by node's - fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. 
as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. 
The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of typha containers. - If specified, this overrides the specified typha Deployment containers. - If omitted, the typha Deployment will use its default values for its containers. - items: - description: - TyphaDeploymentContainer is a typha - Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the typha Deployment container by name. - Supported values are: calico-typha - enum: - - calico-typha - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named typha Deployment container's resources. - If omitted, the typha Deployment will use its default value for this container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. 
It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of typha init containers. - If specified, this overrides the specified typha Deployment init containers. 
- If omitted, the typha Deployment will use its default values for its init containers. - items: - description: - TyphaDeploymentInitContainer is - a typha Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the typha Deployment init container by name. - Supported values are: typha-certs-key-cert-provisioner - enum: - - typha-certs-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named typha Deployment init container's resources. - If omitted, the typha Deployment will use its default value for this init container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is the calico-typha pod's scheduling constraints. - If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided - the key does not already exist in the object's nodeSelector. - If omitted, the calico-typha Deployment will use its default value for nodeSelector. - WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector. - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - Value must be non-negative integer. 
The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - If this value is nil, the default grace period will be used instead. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - Defaults to 30 seconds. - format: int64 - type: integer - tolerations: - description: |- - Tolerations is the typha pod's tolerations. - If specified, this overrides any tolerations that may be set on the typha Deployment. - If omitted, the typha Deployment will use its default value for tolerations. - WARNING: Please note that this field will override the default calico-typha Deployment tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). 
Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - TopologySpreadConstraints describes how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. 
- | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. 
Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. 
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - typhaMetricsPort: - description: - TyphaMetricsPort specifies which port calico/typha - serves prometheus metrics on. By default, metrics are not enabled. - format: int32 - type: integer - variant: - description: |- - Variant is the product to install - one of Calico or TigeraSecureEnterprise - Default: Calico - enum: - - Calico - - TigeraSecureEnterprise - type: string - windowsNodes: - description: Windows Configuration - properties: - cniBinDir: - description: |- - CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as 'bin_dir' under - [plugins] - [plugins."io.containerd.grpc.v1.cri"] - [plugins."io.containerd.grpc.v1.cri".cni] - on the containerd 'config.toml' file on the Windows nodes. - type: string - cniConfigDir: - description: |- - CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as 'conf_dir' under - [plugins] - [plugins."io.containerd.grpc.v1.cri"] - [plugins."io.containerd.grpc.v1.cri".cni] - on the containerd 'config.toml' file on the Windows nodes. - type: string - cniLogDir: - description: - CNILogDir is the path to the Calico CNI logs - directory on Windows. 
- type: string - vxlanAdapter: - description: - VXLANAdapter is the Network Adapter used for - VXLAN, leave blank for primary NIC - type: string - vxlanMACPrefix: - description: - VXLANMACPrefix is the prefix used when generating - MAC addresses for virtual NICs - pattern: ^[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}$ - type: string - type: object - type: object - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - imageSet: - description: |- - ImageSet is the name of the ImageSet being used, if there is an ImageSet - that is being used. If an ImageSet is not being used then this will not be set. - type: string - mtu: - description: |- - MTU is the most recently observed value for pod network MTU. This may be an explicitly - configured value, or based on Calico's native auto-detetion. - format: int32 - type: integer - variant: - description: - Variant is the most recently observed installed variant - - one of Calico or TigeraSecureEnterprise - enum: - - Calico - - TigeraSecureEnterprise - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'default', 'tigera-secure', or 'overlay' - rule: - self.metadata.name == 'default' || self.metadata.name == 'tigera-secure' - || self.metadata.name == 'overlay' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_intrusiondetections.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_intrusiondetections.yaml deleted file mode 100644 index c316891..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_intrusiondetections.yaml +++ /dev/null 
@@ -1,499 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: intrusiondetections.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: IntrusionDetection - listKind: IntrusionDetectionList - plural: intrusiondetections - singular: intrusiondetection - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - IntrusionDetection installs the components required for Tigera intrusion detection. At most one instance - of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of the desired state for Tigera intrusion detection. - properties: - anomalyDetection: - description: - AnomalyDetection is now deprecated, and configuring it - has no effect. - properties: - storageClassName: - description: - StorageClassName is now deprecated, and configuring - it has no effect. - type: string - type: object - componentResources: - description: |- - ComponentResources can be used to customize the resource requirements for each component. - Only DeepPacketInspection is supported for this spec. 
- items: - description: - The ComponentResource struct associates a ResourceRequirements - with a component by name - properties: - componentName: - description: ComponentName is an enum which identifies the component - enum: - - DeepPacketInspection - type: string - resourceRequirements: - description: - ResourceRequirements allows customization of limits - and requests for compute resources such as cpu and memory. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - componentName - - resourceRequirements - type: object - type: array - deepPacketInspectionDaemonset: - description: DeepPacketInspectionDaemonset configures the DPI Daemonset - properties: - spec: - description: DPIDaemonsetSpec configures the DPI Daemonset - properties: - template: - description: Template specifies DPI Daemonset Template - properties: - spec: - description: Spec specifies DPI Daemonset Template Spec - properties: - initContainers: - description: - List of DPI Daemonset Init containers - definitions - items: - properties: - image: - description: Image name for the init container - type: string - name: - description: - Name is an enum that identifies - the init container by its name. - enum: - - snort-rules - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the init container's resources. - If omitted, the default values will be used for the init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. 
- This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - image - - name - type: object - maxItems: 1 - type: array - type: object - type: object - type: object - type: object - intrusionDetectionControllerDeployment: - description: - IntrusionDetectionControllerDeployment configures the - IntrusionDetection Controller Deployment. - properties: - spec: - description: - Spec is the specification of the IntrusionDetectionController - Deployment. - properties: - template: - description: - Template describes the IntrusionDetectionController - Deployment pod that will be created. - properties: - spec: - description: - Spec is the IntrusionDetectionController - Deployment's PodSpec. - properties: - containers: - description: |- - Containers is a list of IntrusionDetectionController containers. - If specified, this overrides the specified IntrusionDetectionController Deployment containers. - If omitted, the IntrusionDetectionController Deployment will use its default values for its containers. - items: - description: - IntrusionDetectionControllerDeploymentContainer - is a IntrusionDetectionController Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the IntrusionDetectionController Deployment container by name. - Supported values are: controller, webhooks-processor - enum: - - controller - - webhooks-processor - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named IntrusionDetectionController Deployment container's resources. - If omitted, the IntrusionDetection Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. 
- This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of IntrusionDetectionController init containers. 
- If specified, this overrides the specified IntrusionDetectionController Deployment init containers. - If omitted, the IntrusionDetectionController Deployment will use its default values for its init containers. - items: - description: - IntrusionDetectionControllerDeploymentInitContainer - is a IntrusionDetectionController Deployment init - container. - properties: - name: - description: |- - Name is an enum which identifies the IntrusionDetectionController Deployment init container by name. - Supported values are: intrusion-detection-tls-key-cert-provisioner - enum: - - intrusion-detection-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named IntrusionDetectionController Deployment init container's resources. - If omitted, the IntrusionDetectionController Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: Most recently observed state for Tigera intrusion detection. - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} 
diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_istios.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_istios.yaml
deleted file mode 100644
index d9313ad..0000000
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_istios.yaml
+++ /dev/null
@@ -1,3441 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: istios.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Istio - listKind: IstioList - plural: istios - singular: istio - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Istio is the Schema for the istios API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IstioSpec defines the desired state of Istio - properties: - dscpMark: - description: |- - DSCPMark define the value of the DSCP mark done by Felix and recognised by Istio CNI for Transparent - NetworkPolicies. - pattern: ^.* - type: integer - x-kubernetes-int-or-string: true - istioCNI: - description: - IstioCNIDaemonset defines the resource requirements for - the Istio CNI plugin. - properties: - spec: - description: - Spec allows users to specify custom fields for the - Istio CNI Daemonset. - properties: - template: - description: - Template allows users to specify custom fields - for the Istio CNI Daemonset. - properties: - spec: - description: - Spec allows users to specify custom fields - for the Istio CNI Daemonset. 
- properties: - affinity: - description: - Affinity specifies the affinity for the - deployment. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. 
- type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. 
A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". 
The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. 
- items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". 
The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: - NodeSelector specifies the node affinity - for the deployment. - type: object - resources: - description: - Resources specifies the compute resources - required for the deployment. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. 
- If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - tolerations: - description: - Tolerations specifies the tolerations - for the deployment. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
- type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - istiod: - description: - IstiodDeployment defines the resource requirements and - node selector for the Istio deployment. - properties: - spec: - description: - Spec allows users to specify custom fields for the - Istiod Deployment. - properties: - template: - description: - Template allows users to specify custom fields - for the Istiod Deployment. - properties: - spec: - description: - Spec allows users to specify custom fields - for the Istiod Deployment. - properties: - affinity: - description: - Affinity specifies the affinity for the - deployment. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: - NodeSelector specifies the node affinity - for the deployment. - type: object - resources: - description: - Resources specifies the compute resources - required for the deployment. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - tolerations: - description: - Tolerations specifies the tolerations - for the deployment. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. 
- Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - ztunnel: - description: - ZTunnelDaemonset defines the resource requirements for - the ZTunnelDaemonset component. - properties: - spec: - description: - Spec allows users to specify custom fields for the - ZTunnel Daemonset. - properties: - template: - description: - Template allows users to specify custom fields - for the ZTunnel Daemonset. - properties: - spec: - description: - Spec allows users to specify custom fields - for the ZTunnel Daemonset. - properties: - affinity: - description: - Affinity specifies the affinity for the - deployment. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. 
- properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. 
- items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. 
due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: - NodeSelector specifies the node affinity - for the deployment. - type: object - resources: - description: - Resources specifies the compute resources - required for the deployment. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - tolerations: - description: - Tolerations specifies the tolerations - for the deployment. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. 
- Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: IstioStatus defines the observed state of Istio - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. 
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'default' - rule: self.metadata.name == 'default' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logcollectors.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logcollectors.yaml deleted file mode 100644 index ead9cef..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logcollectors.yaml +++ /dev/null 
@@ -1,649 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: logcollectors.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: LogCollector - listKind: LogCollectorList - plural: logcollectors - singular: logcollector - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - LogCollector installs the components required for Tigera flow and DNS log collection. At most one instance - of this resource is supported. It must be named "tigera-secure". When created, this installs fluentd on all nodes - configured to collect Tigera log data and export it to Tigera's Elasticsearch cluster as well as any additionally configured destinations. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of the desired state for Tigera log collection. - properties: - additionalSources: - description: - Configuration for importing audit logs from managed kubernetes - cluster log sources. - properties: - eksCloudwatchLog: - description: |- - If specified with EKS Provider in Installation, enables fetching EKS - audit logs. - properties: - fetchInterval: - description: |- - Cloudwatch audit logs fetching interval in seconds. 
- Default: 60 - format: int32 - type: integer - groupName: - description: - Cloudwatch log-group name containing EKS audit - logs. - type: string - region: - description: AWS Region EKS cluster is hosted in. - type: string - streamPrefix: - description: |- - Prefix of Cloudwatch log stream containing EKS audit logs in the log-group. - Default: kube-apiserver-audit- - type: string - required: - - groupName - - region - type: object - type: object - additionalStores: - description: - Configuration for exporting flow, audit, and DNS logs - to external storage. - properties: - s3: - description: - If specified, enables exporting of flow, audit, and - DNS logs to Amazon S3 storage. - properties: - bucketName: - description: Name of the S3 bucket to send logs - type: string - bucketPath: - description: Path in the S3 bucket where to send logs - type: string - hostScope: - description: - The set of hosts that will forward their logs - to this store. - enum: - - All - - NonClusterOnly - type: string - region: - description: AWS Region of the S3 bucket - type: string - required: - - bucketName - - bucketPath - - region - type: object - splunk: - description: - If specified, enables exporting of flow, audit, and - DNS logs to splunk. - properties: - endpoint: - description: - Location for splunk's http event collector end - point. example `https://1.2.3.4:8088` - type: string - hostScope: - description: - The set of hosts that will forward their logs - to this store - enum: - - All - - NonClusterOnly - type: string - required: - - endpoint - type: object - syslog: - description: - If specified, enables exporting of flow, audit, and - DNS logs to syslog. - properties: - encryption: - description: |- - Encryption configures traffic encryption to the Syslog server. - Default: None - enum: - - None - - TLS - type: string - endpoint: - description: "Location of the syslog server. 
example: tcp://1.2.3.4:601" - type: string - hostScope: - description: - The set of hosts that will forward their logs - to this store. - enum: - - All - - NonClusterOnly - type: string - logTypes: - description: |- - If no values are provided, the list will be updated to include log types Audit, DNS and Flows. - Default: Audit, DNS, Flows - items: - description: |- - SyslogLogType represents the allowable log types for syslog. - Allowable values are Audit, DNS, Flows and IDSEvents. - * Audit corresponds to audit logs for both Kubernetes resources and Enterprise custom resources. - * DNS corresponds to DNS logs generated by Calico node. - * Flows corresponds to flow logs generated by Calico node. - * IDSEvents corresponds to event logs for the intrusion detection system (anomaly detection, suspicious IPs, suspicious domains and global alerts). - enum: - - Audit - - DNS - - Flows - - IDSEvents - type: string - type: array - packetSize: - description: |- - PacketSize defines the maximum size of packets to send to syslog. - In general this is only needed if you notice long logs being truncated. - Default: 1024 - format: int32 - type: integer - required: - - endpoint - - logTypes - type: object - type: object - collectProcessPath: - description: |- - Configuration for enabling/disabling process path collection in flowlogs. - If Enabled, this feature sets hostPID to true in order to read process cmdline. - Default: Enabled - enum: - - Enabled - - Disabled - type: string - eksLogForwarderDeployment: - description: - EKSLogForwarderDeployment configures the EKSLogForwarderDeployment - Deployment. - properties: - spec: - description: - Spec is the specification of the EKSLogForwarder - Deployment. - properties: - template: - description: - Template describes the EKSLogForwarder Deployment - pod that will be created. - properties: - spec: - description: - Spec is the EKSLogForwarder Deployment's - PodSpec. 
- properties: - containers: - description: |- - Containers is a list of EKSLogForwarder containers. - If specified, this overrides the specified EKSLogForwarder Deployment containers. - If omitted, the EKSLogForwarder Deployment will use its default values for its containers. - items: - description: - EKSLogForwarderDeploymentContainer - is a EKSLogForwarder Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the EKSLogForwarder Deployment container by name. - Supported values are: eks-log-forwarder - enum: - - eks-log-forwarder - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named EKSLogForwarder Deployment container's resources. - If omitted, the EKSLogForwarder Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of EKSLogForwarder init containers. - If specified, this overrides the specified EKSLogForwarder Deployment init containers. - If omitted, the EKSLogForwarder Deployment will use its default values for its init containers. - items: - description: - EKSLogForwarderDeploymentInitContainer - is a EKSLogForwarder Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the EKSLogForwarder Deployment init container by name. 
- Supported values are: eks-log-forwarder-startup - enum: - - eks-log-forwarder-startup - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named EKSLogForwarder Deployment init container's resources. - If omitted, the EKSLogForwarder Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - fluentdDaemonSet: - description: FluentdDaemonSet configures the Fluentd DaemonSet. - properties: - spec: - description: Spec is the specification of the Fluentd DaemonSet. - properties: - template: - description: - Template describes the Fluentd DaemonSet pod - that will be created. - properties: - spec: - description: Spec is the Fluentd DaemonSet's PodSpec. - properties: - containers: - description: |- - Containers is a list of Fluentd DaemonSet containers. - If specified, this overrides the specified Fluentd DaemonSet containers. - If omitted, the Fluentd DaemonSet will use its default values for its containers. - items: - description: - FluentdDaemonSetContainer is a Fluentd - DaemonSet container. - properties: - name: - description: |- - Name is an enum which identifies the Fluentd DaemonSet container by name. - Supported values are: fluentd - enum: - - fluentd - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Fluentd DaemonSet container's resources. 
- If omitted, the Fluentd DaemonSet will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of Fluentd DaemonSet init containers. - If specified, this overrides the specified Fluentd DaemonSet init containers. - If omitted, the Fluentd DaemonSet will use its default values for its init containers. - items: - description: - FluentdDaemonSetInitContainer is a - Fluentd DaemonSet init container. - properties: - name: - description: |- - Name is an enum which identifies the Fluentd DaemonSet init container by name. - Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner - enum: - - tigera-fluentd-prometheus-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Fluentd DaemonSet init container's resources. - If omitted, the Fluentd DaemonSet will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - multiTenantManagementClusterNamespace: - description: |- - If running as a multi-tenant management cluster, the namespace in which - the management cluster's tenant services are running. - type: string - type: object - status: - description: Most recently observed state for Tigera log collection. - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. 
- properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. 
- type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logstorages.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logstorages.yaml deleted file mode 100644 index b2c3491..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_logstorages.yaml +++ /dev/null 
@@ -1,1323 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: logstorages.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: LogStorage - listKind: LogStorageList - plural: logstorages - singular: logstorage - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - LogStorage installs the components required for Tigera flow and DNS log storage. At most one instance - of this resource is supported. It must be named "tigera-secure". When created, this installs an Elasticsearch cluster for use by - Calico Enterprise. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of the desired state for Tigera log storage. - properties: - componentResources: - description: |- - ComponentResources can be used to customize the resource requirements for each component. - Only ECKOperator is supported for this spec. - items: - description: - The ComponentResource struct associates a ResourceRequirements - with a component by name - properties: - componentName: - description: |- - Deprecated. Please use ECKOperatorStatefulSet. 
- ComponentName is an enum which identifies the component - enum: - - ECKOperator - type: string - resourceRequirements: - description: - ResourceRequirements allows customization of limits - and requests for compute resources such as cpu and memory. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. 
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - componentName - - resourceRequirements - type: object - type: array - dataNodeSelector: - additionalProperties: - type: string - description: |- - DataNodeSelector gives you more control over the node that Elasticsearch will run on. The contents of DataNodeSelector will - be added to the PodSpec of the Elasticsearch nodes. For the pod to be eligible to run on a node, the node must have - each of the indicated key-value pairs as labels as well as access to the specified StorageClassName. - type: object - eckOperatorStatefulSet: - description: |- - ECKOperatorStatefulSet configures the ECKOperator StatefulSet. If used in conjunction with the deprecated - ComponentResources, then these overrides take precedence. - properties: - spec: - description: Spec is the specification of the ECKOperator StatefulSet. - properties: - template: - description: - Template describes the ECKOperator StatefulSet - pod that will be created. - properties: - spec: - description: Spec is the ECKOperator StatefulSet's PodSpec. - properties: - containers: - description: |- - Containers is a list of ECKOperator StatefulSet containers. - If specified, this overrides the specified ECKOperator StatefulSet containers. - If omitted, the ECKOperator StatefulSet will use its default values for its containers. - items: - description: - ECKOperatorStatefulSetContainer is - a ECKOperator StatefulSet container. - properties: - name: - description: |- - Name is an enum which identifies the ECKOperator StatefulSet container by name. 
- Supported values are: manager - enum: - - manager - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ECKOperator StatefulSet container's resources. - If omitted, the ECKOperator StatefulSet will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of ECKOperator StatefulSet init containers. - If specified, this overrides the specified ECKOperator StatefulSet init containers. - If omitted, the ECKOperator StatefulSet will use its default values for its init containers. - items: - description: - ECKOperatorStatefulSetInitContainer - is a ECKOperator StatefulSet init container. - properties: - name: - description: - Name is an enum which identifies - the ECKOperator StatefulSet init container - by name. - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ECKOperator StatefulSet init container's resources. - If omitted, the ECKOperator StatefulSet will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. 
- items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - elasticsearchMetricsDeployment: - description: - ElasticsearchMetricsDeployment configures the tigera-elasticsearch-metric - Deployment. 
- properties: - spec: - description: - Spec is the specification of the ElasticsearchMetrics - Deployment. - properties: - template: - description: - Template describes the ElasticsearchMetrics Deployment - pod that will be created. - properties: - spec: - description: - Spec is the ElasticsearchMetrics Deployment's - PodSpec. - properties: - containers: - description: |- - Containers is a list of ElasticsearchMetricsDeployment containers. - If specified, this overrides the specified ElasticsearchMetricsDeployment containers. - If omitted, the ElasticsearchMetrics Deployment will use its default values for its containers. - items: - description: - ElasticsearchMetricsDeploymentContainer - is a ElasticsearchMetricsDeployment container. - properties: - name: - description: |- - Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. - Supported values are: tigera-elasticsearch-metrics - enum: - - tigera-elasticsearch-metrics - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ElasticsearchMetricsDeployment container's resources. - If omitted, the ElasticsearchMetrics Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of ElasticsearchMetricsDeployment init containers. - If specified, this overrides the specified ElasticsearchMetricsDeployment init containers. - If omitted, the ElasticsearchMetrics Deployment will use its default values for its init containers. - items: - description: - ElasticsearchMetricsDeploymentInitContainer - is a ElasticsearchMetricsDeployment init container. 
- properties: - name: - description: |- - Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. - Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner - enum: - - tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named ElasticsearchMetricsDeployment init container's resources. - If omitted, the ElasticsearchMetrics Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - esGatewayDeployment: - description: ESGatewayDeployment configures the es-gateway Deployment. - properties: - spec: - description: Spec is the specification of the es-gateway Deployment. - properties: - template: - description: - Template describes the es-gateway Deployment - pod that will be created. - properties: - spec: - description: Spec is the es-gateway Deployment's PodSpec. - properties: - containers: - description: |- - Containers is a list of es-gateway containers. - If specified, this overrides the specified es-gateway Deployment containers. - If omitted, the es-gateway Deployment will use its default values for its containers. - items: - description: - ESGatewayDeploymentContainer is a es-gateway - Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the es-gateway Deployment container by name. - Supported values are: tigera-secure-es-gateway - enum: - - tigera-secure-es-gateway - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. 
- If specified, this overrides the named es-gateway Deployment container's resources. - If omitted, the es-gateway Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. 
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of es-gateway init containers. - If specified, this overrides the specified es-gateway Deployment init containers. - If omitted, the es-gateway Deployment will use its default values for its init containers. - items: - description: - ESGatewayDeploymentInitContainer is - a es-gateway Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the es-gateway Deployment init container by name. - Supported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner - enum: - - tigera-secure-elasticsearch-cert-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named es-gateway Deployment init container's resources. - If omitted, the es-gateway Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - indices: - description: - Index defines the configuration for the indices in the - Elasticsearch cluster. - properties: - replicas: - description: - Replicas defines how many replicas each index will - have. See https://www.elastic.co/guide/en/elasticsearch/reference/current/scalability.html - format: int32 - type: integer - type: object - kibana: - description: Kibana configures the Kibana Spec. - properties: - spec: - description: Spec is the specification of the Kibana. 
- properties: - template: - description: - Template describes the Kibana pod that will be - created. - properties: - spec: - description: Spec is the Kibana's PodSpec. - properties: - containers: - description: |- - Containers is a list of Kibana containers. - If specified, this overrides the specified Kibana Deployment containers. - If omitted, the Kibana Deployment will use its default values for its containers. - items: - description: KibanaContainer is a Kibana container. - properties: - name: - description: |- - Name is an enum which identifies the Kibana Deployment container by name. - Supported values are: kibana - enum: - - kibana - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Kibana container's resources. - If omitted, the Kibana will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of Kibana init containers. - If specified, this overrides the specified Kibana Deployment init containers. - If omitted, the Kibana Deployment will use its default values for its init containers. - items: - description: - KibanaInitContainer is a Kibana init - container. - properties: - name: - description: |- - Name is an enum which identifies the Kibana init container by name. - Supported values are: key-cert-provisioner - enum: - - key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Kibana Deployment init container's resources. 
- If omitted, the Kibana Deployment will use its default value for this init container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. 
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - linseedDeployment: - description: LinseedDeployment configures the linseed Deployment. - properties: - spec: - description: Spec is the specification of the linseed Deployment. - properties: - template: - description: - Template describes the linseed Deployment pod - that will be created. - properties: - spec: - description: Spec is the linseed Deployment's PodSpec. - properties: - containers: - description: |- - Containers is a list of linseed containers. - If specified, this overrides the specified linseed Deployment containers. - If omitted, the linseed Deployment will use its default values for its containers. - items: - description: - LinseedDeploymentContainer is a linseed - Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the linseed Deployment container by name. - Supported values are: tigera-linseed - enum: - - tigera-linseed - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named linseed Deployment container's resources. - If omitted, the linseed Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. 
- items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of linseed init containers. - If specified, this overrides the specified linseed Deployment init containers. 
- If omitted, the linseed Deployment will use its default values for its init containers. - items: - description: - LinseedDeploymentInitContainer is a - linseed Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the linseed Deployment init container by name. - Supported values are: tigera-secure-linseed-token-tls-key-cert-provisioner,tigera-secure-linseed-cert-key-cert-provisioner - enum: - - tigera-secure-linseed-token-tls-key-cert-provisioner - - tigera-secure-linseed-cert-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named linseed Deployment init container's resources. - If omitted, the linseed Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - nodes: - description: - Nodes defines the configuration for a set of identical - Elasticsearch cluster nodes, each of type master, data, and ingest. - properties: - count: - description: - Count defines the number of nodes in the Elasticsearch - cluster. 
- format: int64 - type: integer - nodeSets: - description: - NodeSets defines configuration specific to each Elasticsearch - Node Set - items: - description: - NodeSets defines configuration specific to each - Elasticsearch Node Set - properties: - selectionAttributes: - description: |- - SelectionAttributes defines K8s node attributes a NodeSet should use when setting the Node Affinity selectors and - Elasticsearch cluster awareness attributes for the Elasticsearch nodes. The list of SelectionAttributes are used - to define Node Affinities and set the node awareness configuration in the running Elasticsearch instance. - items: - description: |- - NodeSetSelectionAttribute defines a K8s node "attribute" the Elasticsearch nodes should be aware of. The "Name" and "Value" - are used together to set the "awareness" attributes in Elasticsearch, while the "NodeLabel" and "Value" are used together - to define Node Affinity for the Pods created for the Elasticsearch nodes. - properties: - name: - type: string - nodeLabel: - type: string - value: - type: string - required: - - name - - nodeLabel - - value - type: object - type: array - type: object - type: array - resourceRequirements: - description: - ResourceRequirements defines the resource limits - and requirements for the Elasticsearch cluster. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. 
- If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - type: object - retention: - description: - Retention defines how long data is retained in the Elasticsearch - cluster before it is cleared. - properties: - auditReports: - description: |- - AuditReports configures the retention period for audit logs, in days. Logs written on a day that started at least this long ago are - removed. To keep logs for at least x days, use a retention period of x+1. - Default: 91 - format: int32 - type: integer - bgpLogs: - description: |- - BGPLogs configures the retention period for BGP logs, in days. Logs written on a day that started at least this long ago - are removed. To keep logs for at least x days, use a retention period of x+1. 
- Default: 8 - format: int32 - type: integer - complianceReports: - description: |- - ComplianceReports configures the retention period for compliance reports, in days. Reports are output - from the analysis of the system state and audit events for compliance reporting. - Consult the Compliance Reporting documentation for more details on reports. - Logs written on a day that started at least this long ago are - removed. To keep logs for at least x days, use a retention period of x+1. - Default: 91 - format: int32 - type: integer - dnsLogs: - description: |- - DNSLogs configures the retention period for DNS logs, in days. Logs written on a day that started at least this long ago - are removed. To keep logs for at least x days, use a retention period of x+1. - Default: 8 - format: int32 - type: integer - flows: - description: |- - Flows configures the retention period for flow logs, in days. Logs written on a day that started at least this long ago - are removed. To keep logs for at least x days, use a retention period of x+1. - Default: 8 - format: int32 - type: integer - snapshots: - description: |- - Snapshots configures the retention period for snapshots, in days. Snapshots are periodic captures - of resources which along with audit events are used to generate reports. - Consult the Compliance Reporting documentation for more details on snapshots. - Logs written on a day that started at least this long ago are - removed. To keep logs for at least x days, use a retention period of x+1. - Default: 91 - format: int32 - type: integer - type: object - storageClassName: - description: |- - StorageClassName will populate the PersistentVolumeClaim.StorageClassName that is used to provision disks to the - Tigera Elasticsearch cluster. The StorageClassName should only be modified when no LogStorage is currently - active. We recommend choosing a storage class dedicated to Tigera LogStorage only. Otherwise, data retention - cannot be guaranteed during upgrades. 
See https://docs.tigera.io/maintenance/upgrading for up-to-date instructions. - Default: tigera-elasticsearch - type: string - type: object - status: - description: Most recently observed state for Tigera log storage. - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - elasticsearchHash: - description: |- - ElasticsearchHash represents the current revision and configuration of the installed Elasticsearch cluster. This - is an opaque string which can be monitored for changes to perform actions when Elasticsearch is modified. - type: string - kibanaHash: - description: |- - KibanaHash represents the current revision and configuration of the installed Kibana dashboard. This - is an opaque string which can be monitored for changes to perform actions when Kibana is modified. - type: string - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusterconnections.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusterconnections.yaml deleted file mode 100644 index 65899a8..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusterconnections.yaml +++ /dev/null 
@@ -1,356 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: managementclusterconnections.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: ManagementClusterConnection - listKind: ManagementClusterConnectionList - plural: managementclusterconnections - singular: managementclusterconnection - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - ManagementClusterConnection represents a link between a managed cluster and a management cluster. At most one - instance of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - ManagementClusterConnectionSpec defines the desired state - of ManagementClusterConnection - properties: - guardianDeployment: - description: GuardianDeployment configures the guardian Deployment. - properties: - spec: - description: Spec is the specification of the guardian Deployment. - properties: - template: - description: - Template describes the guardian Deployment pod - that will be created. - properties: - spec: - description: Spec is the guardian Deployment's PodSpec. 
- properties: - containers: - description: |- - Containers is a list of guardian containers. - If specified, this overrides the specified guardian Deployment containers. - If omitted, the guardian Deployment will use its default values for its containers. - items: - description: - GuardianDeploymentContainer is a guardian - Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the guardian Deployment container by name. - Supported values are: tigera-guardian - enum: - - tigera-guardian - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named guardian Deployment container's resources. - If omitted, the guardian Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of guardian init containers. - If specified, this overrides the specified guardian Deployment init containers. - If omitted, the guardian Deployment will use its default values for its init containers. - items: - description: - GuardianDeploymentInitContainer is - a guardian Deployment init container. - properties: - name: - description: - Name is an enum which identifies - the guardian Deployment init container by - name. - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named guardian Deployment init container's resources. 
- If omitted, the guardian Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - impersonation: - description: |- - Impersonation configures the RBAC impersonation permissions for the guardian deployment. This field is not - applicable to installation variant Calico as no impersonation is ever used. Otherwise, if this field is left nil, - a default set of permissions will be applied. - WARNING: If this field is specified, it completely replaces the default permissions. - For example, providing an empty `impersonation: {}` block will result in guardian - having NO impersonation permissions. Similarly, if you specify `users` but omit `groups`, - guardian will lose its default permissions to impersonate groups. - properties: - groups: - description: |- - Groups is a list of group names that can be impersonated. An empty list infers all groups can be impersonated, - a null values means none. - items: - type: string - type: array - serviceAccounts: - description: |- - ServiceAccounts is a list of service account names that can be impersonated. An empty list infers all service accounts can - be impersonated, a null values means none. - items: - type: string - type: array - users: - description: |- - Users is a list of users that can be impersonated. An empty list infers all users can be impersonated, a null - value means none. - items: - type: string - type: array - type: object - managementClusterAddr: - description: |- - Specify where the managed cluster can reach the management cluster. Ex.: "10.128.0.10:30449". A managed cluster - should be able to access this address. This field is used by managed clusters only. - type: string - tls: - description: - TLS provides options for configuring how Managed Clusters - can establish an mTLS connection with the Management Cluster. 
- properties: - ca: - description: |- - CA indicates which verification method the tunnel client should use to verify the tunnel server's identity. - When left blank or set to 'Tigera', the tunnel client will expect a self-signed cert to be included in the certificate bundle - and will expect the cert to have a Common Name (CN) of 'voltron'. - When set to 'Public', the tunnel client will use its installed system certs and will use the managementClusterAddr to verify the tunnel server's identity. - Default: Tigera - enum: - - Tigera - - Public - type: string - type: object - type: object - status: - description: - ManagementClusterConnectionStatus defines the observed state - of ManagementClusterConnection - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'default' or 'tigera-secure' - rule: self.metadata.name == 'default' || self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusters.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusters.yaml deleted file mode 100644 index 05c38b7..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managementclusters.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: managementclusters.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: ManagementCluster - listKind: ManagementClusterList - plural: managementclusters - singular: managementcluster - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - The presence of ManagementCluster in your cluster, will configure it to be the management plane to which managed - clusters can connect. At most one instance of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ManagementClusterSpec defines the desired state of a ManagementCluster - properties: - address: - description: |- - This field specifies the externally reachable address to which your managed cluster will connect. When a managed - cluster is added, this field is used to populate an easy-to-apply manifest that will connect both clusters. 
- Valid examples are: "0.0.0.0:31000", "example.com:32000", "[::1]:32500" - type: string - tls: - description: - TLS provides options for configuring how Managed Clusters - can establish an mTLS connection with the Management Cluster. - properties: - secretName: - description: |- - SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections. - When set to calico-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with. - When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. - This cert bundle must be a publicly signed cert created by the user. - Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, - and use of that cert will result in Guardian being unable to verify Voltron's identity. - If changed on a running cluster with connected managed clusters, all managed clusters will disconnect as they will no longer be able to verify Voltron's identity. - To reconnect existing managed clusters, change the tls.ca of the managed clusters' ManagementClusterConnection resource. - One of: calico-management-cluster-connection, manager-tls, tigera-management-cluster-connection (deprecated) - Default: calico-management-cluster-connection - enum: - - calico-management-cluster-connection - - manager-tls - - tigera-management-cluster-connection - type: string - type: object - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managers.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managers.yaml deleted file mode 100644 index 64dda05..0000000 
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_managers.yaml +++ /dev/null 
@@ -1,314 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: managers.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Manager - listKind: ManagerList - plural: managers - singular: manager - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Manager installs the Calico Enterprise manager graphical user interface. At most one instance - of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - Specification of the desired state for the Calico Enterprise - manager. - properties: - managerDeployment: - description: ManagerDeployment configures the Manager Deployment. - properties: - spec: - description: Spec is the specification of the Manager Deployment. - properties: - template: - description: - Template describes the Manager Deployment pod - that will be created. - properties: - spec: - description: Spec is the Manager Deployment's PodSpec. - properties: - containers: - description: |- - Containers is a list of Manager containers. - If specified, this overrides the specified Manager Deployment containers. 
- If omitted, the Manager Deployment will use its default values for its containers. - items: - description: - ManagerDeploymentContainer is a Manager - Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the Manager Deployment container by name. - Supported values are: calico-voltron, calico-manager, calico-ui-apis, calico-dashboard-api, tigera-voltron (deprecated), tigera-manager (deprecated), tigera-ui-apis (deprecated), tigera-es-proxy (deprecated) - enum: - - calico-voltron - - calico-manager - - calico-ui-apis - - calico-dashboard-api - - tigera-voltron - - tigera-manager - - tigera-ui-apis - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Manager Deployment container's resources. - If omitted, the Manager Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of Manager init containers. - If specified, this overrides the specified Manager Deployment init containers. - If omitted, the Manager Deployment will use its default values for its init containers. - items: - description: - ManagerDeploymentInitContainer is a - Manager Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the Manager Deployment init container by name. 
- Supported values are: manager-tls-key-cert-provisioner, internal-manager-tls-key-cert-provisioner, calico-voltron-linseed-tls-key-cert-provisioner, tigera-voltron-linseed-tls-key-cert-provisioner (deprecated) - enum: - - manager-tls-key-cert-provisioner - - internal-manager-tls-key-cert-provisioner - - calico-voltron-linseed-tls-key-cert-provisioner - - tigera-voltron-linseed-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Manager Deployment init container's resources. - If omitted, the Manager Deployment will use its default value for this init container's resources. - If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: Most recently observed state for the Calico Enterprise manager. - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} 
diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_monitors.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_monitors.yaml
deleted file mode 100644
index 2be3c03..0000000
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_monitors.yaml
+++ /dev/null
@@ -1,613 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: monitors.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Monitor - listKind: MonitorList - plural: monitors - singular: monitor - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Monitor is the Schema for the monitor API. At most one instance - of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MonitorSpec defines the desired state of Tigera monitor. - properties: - alertManager: - description: AlertManager is the configuration for the AlertManager. - properties: - spec: - description: Spec is the specification of the Alertmanager. - properties: - resources: - description: - Define resources requests and limits for single - Pods. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. 
- items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - type: object - type: object - externalPrometheus: - description: |- - ExternalPrometheus optionally configures integration with an external Prometheus for scraping Calico metrics. When - specified, the operator will render resources in the defined namespace. 
This option can be useful for configuring - scraping from git-ops tools without the need of post-installation steps. - properties: - namespace: - description: |- - Namespace is the namespace where the operator will create resources for your Prometheus instance. The namespace - must be created before the operator will create Prometheus resources. - type: string - serviceMonitor: - description: |- - ServiceMonitor when specified, the operator will create a ServiceMonitor object in the namespace. It is recommended - that you configure labels if you want your prometheus instance to pick up the configuration automatically. - The operator will configure 1 endpoint by default: - - Params to scrape all metrics available in Calico Enterprise. - - BearerTokenSecret (If not overridden, the operator will also create corresponding RBAC that allows authz to the metrics.) - - TLSConfig, containing the caFile and serverName. - properties: - endpoints: - description: |- - The endpoints to scrape. This struct contains a subset of the Endpoint as defined in the prometheus docs. Fields - related to connecting to our Prometheus server are automatically set by the operator. - items: - description: - Endpoint contains a subset of relevant fields - from the Prometheus Endpoint struct. - properties: - bearerTokenSecret: - description: |- - Secret to mount to read bearer token for scraping targets. - Recommended: when unset, the operator will create a Secret, a ClusterRole and a ClusterRoleBinding. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - honorLabels: - description: - HonorLabels chooses the metric's labels - on collisions with target labels. - type: boolean - honorTimestamps: - description: - HonorTimestamps controls whether Prometheus - respects the timestamps present in scraped data. - type: boolean - interval: - description: |- - Interval at which metrics should be scraped. - If not specified Prometheus' global scrape interval is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - metricRelabelings: - description: - MetricRelabelConfigs to apply to samples - before ingestion. - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: - Regular expression against which - the extracted value is matched. 
- type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - Regex capture groups are available. - type: string - separator: - description: - Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. - type: string - type: object - type: array - params: - additionalProperties: - items: - type: string - type: array - description: |- - Optional HTTP URL parameters - Default: scrape all metrics. - type: object - relabelings: - description: |- - RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. 
- `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: - Regular expression against which - the extracted value is matched. - type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - Regex capture groups are available. - type: string - separator: - description: - Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. - type: string - type: object - type: array - scrapeTimeout: - description: |- - Timeout after which the scrape is ended. - If not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used. 
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: object - type: array - labels: - additionalProperties: - type: string - description: |- - Labels are the metadata.labels of the ServiceMonitor. When combined with spec.serviceMonitorSelector.matchLabels - on your prometheus instance, the service monitor will automatically be picked up. - Default: k8s-app=tigera-prometheus - type: object - type: object - required: - - namespace - type: object - prometheus: - description: Prometheus is the configuration for the Prometheus. - properties: - spec: - description: Spec is the specification of the Prometheus. - properties: - commonPrometheusFields: - description: - CommonPrometheusFields are the options available - to both the Prometheus server and agent. - properties: - containers: - description: |- - Containers is a list of Prometheus containers. - If specified, this overrides the specified Prometheus Deployment containers. - If omitted, the Prometheus Deployment will use its default values for its containers. - items: - description: PrometheusContainer is a Prometheus container. - properties: - name: - description: |- - Name is an enum which identifies the Prometheus Deployment container by name. - Supported values are: authn-proxy - enum: - - authn-proxy - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named Prometheus container's resources. - If omitted, the Prometheus will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. 
- items: - description: - ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - resources: - description: - Define resources requests and limits for - single Pods. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. 
- This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - type: object - type: object - type: object - type: object - status: - description: MonitorStatus defines the observed state of Tigera monitor. 
- properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_nonclusterhosts.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_nonclusterhosts.yaml deleted file mode 100644 index d6103b7..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_nonclusterhosts.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: nonclusterhosts.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: NonClusterHost - listKind: NonClusterHostList - plural: nonclusterhosts - singular: nonclusterhost - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - NonClusterHost installs the components required for non-cluster host log collection. - At most one instance of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - Specification of the desired state for non-cluster host log - collection. - properties: - endpoint: - description: - "Location of the log ingestion point for non-cluster - hosts. For example: https://1.2.3.4:443" - pattern: ^https://.+$ - type: string - typhaEndpoint: - description: - "Location of the Typha endpoint for non-cluster host - Felix and Typha communication. For example: 5.6.7.8:5473" - type: string - required: - - endpoint - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true 
diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_packetcaptureapis.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_packetcaptureapis.yaml
deleted file mode 100644
index 6622ab5..0000000
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_packetcaptureapis.yaml
+++ /dev/null
@@ -1,308 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: packetcaptureapis.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: PacketCaptureAPI - listKind: PacketCaptureAPIList - plural: packetcaptureapis - singular: packetcaptureapi - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: - PacketCaptureAPI is used to configure the resource requirement - for PacketCaptureAPI deployment. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of the desired state for the PacketCaptureAPI. - properties: - packetCaptureAPIDeployment: - description: - PacketCaptureAPIDeployment configures the PacketCaptureAPI - Deployment. - properties: - spec: - description: - Spec is the specification of the PacketCaptureAPI - Deployment. - properties: - template: - description: - Template describes the PacketCaptureAPI Deployment - pod that will be created. - properties: - spec: - description: - Spec is the PacketCaptureAPI Deployment's - PodSpec. - properties: - containers: - description: |- - Containers is a list of PacketCaptureAPI containers. 
- If specified, this overrides the specified PacketCaptureAPI Deployment containers. - If omitted, the PacketCaptureAPI Deployment will use its default values for its containers. - items: - description: - PacketCaptureAPIDeploymentContainer - is a PacketCaptureAPI Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the PacketCaptureAPI Deployment container by name. - Supported values are: tigera-packetcapture-server - enum: - - tigera-packetcapture-server - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named PacketCaptureAPI Deployment container's resources. - If omitted, the PacketCaptureAPI Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of PacketCaptureAPI init containers. - If specified, this overrides the specified PacketCaptureAPI Deployment init containers. - If omitted, the PacketCaptureAPI Deployment will use its default values for its init containers. - items: - description: - PacketCaptureAPIDeploymentInitContainer - is a PacketCaptureAPI Deployment init container. - properties: - name: - description: |- - Name is an enum which identifies the PacketCaptureAPI Deployment init container by name. 
- Supported values are: tigera-packetcapture-server-tls-key-cert-provisioner - enum: - - tigera-packetcapture-server-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named PacketCaptureAPI Deployment init container's resources. - If omitted, the PacketCaptureAPI Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: Most recently observed state for the PacketCaptureAPI. - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. 
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_policyrecommendations.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_policyrecommendations.yaml deleted file mode 100644 index 485b205..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_policyrecommendations.yaml +++ /dev/null 
@@ -1,253 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: policyrecommendations.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: PolicyRecommendation - listKind: PolicyRecommendationList - plural: policyrecommendations - singular: policyrecommendation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - PolicyRecommendation is the Schema for the policy recommendation API. At most one instance - of this resource is supported. It must be named "tigera-secure". - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - PolicyRecommendationSpec defines configuration for the Calico Enterprise Policy Recommendation - service. - properties: - policyRecommendationDeployment: - description: - PolicyRecommendation configures the PolicyRecommendation - Deployment. - properties: - spec: - description: - Spec is the specification of the PolicyRecommendation - Deployment. - properties: - template: - description: - Template describes the PolicyRecommendation Deployment - pod that will be created. - properties: - spec: - description: - Spec is the PolicyRecommendation Deployment's - PodSpec. 
- properties: - containers: - description: |- - Containers is a list of PolicyRecommendation containers. - If specified, this overrides the specified PolicyRecommendation Deployment containers. - If omitted, the PolicyRecommendation Deployment will use its default values for its containers. - items: - description: - PolicyRecommendationDeploymentContainer - is a PolicyRecommendation Deployment container. - properties: - name: - description: |- - Name is an enum which identifies the PolicyRecommendation Deployment container by name. - Supported values are: policy-recommendation-controller - enum: - - policy-recommendation-controller - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named PolicyRecommendation Deployment container's resources. - If omitted, the PolicyRecommendation Deployment will use its default value for this container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. 
- type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - initContainers: - description: |- - InitContainers is a list of PolicyRecommendation init containers. - If specified, this overrides the specified PolicyRecommendation Deployment init containers. - If omitted, the PolicyRecommendation Deployment will use its default values for its init containers. - items: - description: - PolicyRecommendationDeploymentInitContainer - is a PolicyRecommendation Deployment init container. - properties: - name: - description: - Name is an enum which identifies - the PolicyRecommendation Deployment init container - by name. 
- enum: - - policy-recommendation-tls-key-cert-provisioner - type: string - resources: - description: |- - Resources allows customization of limits and requests for compute resources such as cpu and memory. - If specified, this overrides the named PolicyRecommendation Deployment init container's resources. - If omitted, the PolicyRecommendation Deployment will use its default value for this init container's resources. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: - PolicyRecommendationStatus defines the observed state of - Tigera policy recommendation. - properties: - state: - description: State provides user-readable status. - type: string - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'tigera-secure' - rule: self.metadata.name == 'tigera-secure' - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tigerastatuses.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tigerastatuses.yaml deleted file mode 100644 index 282b0a1..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tigerastatuses.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: tigerastatuses.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: TigeraStatus - listKind: TigeraStatusList - plural: tigerastatuses - singular: tigerastatus - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Whether the component running and stable. - jsonPath: .status.conditions[?(@.type=='Available')].status - name: Available - type: string - - description: Whether the component is processing changes. - jsonPath: .status.conditions[?(@.type=='Progressing')].status - name: Progressing - type: string - - description: Whether the component is degraded. - jsonPath: .status.conditions[?(@.type=='Degraded')].status - name: Degraded - type: string - - description: The time the component's Available status last changed. - jsonPath: .status.conditions[?(@.type=='Available')].lastTransitionTime - name: Since - type: date - name: v1 - schema: - openAPIV3Schema: - description: - TigeraStatus represents the most recently observed status for - Calico or a Calico Enterprise functional area. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TigeraStatusSpec defines the desired state of TigeraStatus - type: object - status: - description: TigeraStatusStatus defines the observed state of TigeraStatus - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for this component. A component may be one or more of - Available, Progressing, or Degraded. - items: - description: - TigeraStatusCondition represents a condition attached - to a particular component. - properties: - lastTransitionTime: - description: - The timestamp representing the start time for the - current status. - format: date-time - type: string - message: - description: - Optionally, a detailed message providing additional - context. - type: string - observedGeneration: - description: |- - observedGeneration represents the generation that the condition was set based upon. - For instance, if generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: A brief reason explaining the condition. - type: string - status: - description: - The status of the condition. May be True, False, - or Unknown. - type: string - type: - description: - The type of condition. May be Available, Progressing, - or Degraded. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlspassthroughroutes.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlspassthroughroutes.yaml deleted file mode 100644 index 5876bbe..0000000 
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlspassthroughroutes.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: tlspassthroughroutes.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: TLSPassThroughRoute - listKind: TLSPassThroughRouteList - plural: tlspassthroughroutes - singular: tlspassthroughroute - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Dest is the destination URL - properties: - destination: - description: - Destination is the destination url to proxy the request - to. - type: string - sniMatch: - description: |- - SNIMatch is used to match requests based on the server name for the intended destination server. Matching requests - will be proxied to the Destination. - properties: - serverName: - description: - ServerName is used to match the server name for the - request. - type: string - required: - - serverName - type: object - target: - enum: - - UpstreamTunnel - type: string - required: - - destination - - sniMatch - - target - type: object - required: - - spec - type: object - served: true - storage: true 
diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlsterminatedroutes.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlsterminatedroutes.yaml
deleted file mode 100644
index 3cd0f66..0000000
--- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_tlsterminatedroutes.yaml
+++ /dev/null
@@ -1,163 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: tlsterminatedroutes.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: TLSTerminatedRoute - listKind: TLSTerminatedRouteList - plural: tlsterminatedroutes - singular: tlsterminatedroute - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - caBundle: - description: |- - CABundle is where we read the CA bundle from to authenticate the - destination (if non-empty) - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: - Specify whether the ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - destination: - description: - Destination is the destination URL where matching traffic - is routed to. - type: string - mtlsCert: - description: |- - ForwardingMTLSCert is the certificate used for mTLS between voltron and the destination. Either both ForwardingMTLSCert - and ForwardingMTLSKey must be specified, or neither can be specified. - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - mtlsKey: - description: |- - ForwardingMTLSKey is the key used for mTLS between voltron and the destination. Either both ForwardingMTLSCert - and ForwardingMTLSKey must be specified, or neither can be specified. - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - pathMatch: - description: |- - PathMatch is used to match requests based on what's in the path. Matching requests will be proxied to the Destination - defined in this structure. - properties: - path: - description: - Path is the path portion of the URL based on which - we proxy. - type: string - pathRegexp: - description: - PathRegexp, if not nil, checks if Regexp matches - the path. - type: string - pathReplace: - description: - PathReplace if not nil will be used to replace PathRegexp - matches. - type: string - required: - - path - type: object - target: - enum: - - UpstreamTunnel - - UI - type: string - unauthenticated: - description: |- - Unauthenticated says whether the request should go through authentication. This is only applicable if the Target - is UI. - type: boolean - required: - - caBundle - - destination - - pathMatch - - target - type: object - type: object - served: true - storage: true diff --git a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_whiskers.yaml b/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_whiskers.yaml deleted file mode 100644 index fb66ddc..0000000 --- a/charts/crd.projectcalico.org.v1/templates/operator.tigera.io_whiskers.yaml +++ /dev/null 
@@ -1,1527 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: whiskers.operator.tigera.io -spec: - group: operator.tigera.io - names: - kind: Whisker - listKind: WhiskerList - plural: whiskers - singular: whisker - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - notifications: - description: |- - Default: Enabled - This setting enables calls to an external API to retrieve notification banner text in the Whisker UI. - Allowed values are Enabled or Disabled. Defaults to Enabled. - type: string - whiskerDeployment: - description: - WhiskerDeployment is the configuration for the whisker - Deployment. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's metadata - that is added to the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. 
- type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the specification of the whisker Deployment. - properties: - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should - be ready without any of its container crashing, for it to be considered available. - If specified, this overrides any minReadySeconds value that may be set on the whisker Deployment. - If omitted, the whisker Deployment will use its default value for minReadySeconds. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - strategy: - description: - The deployment strategy to use to replace existing - pods with new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if DeploymentStrategyType = - RollingUpdate. - to be. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be scheduled above the desired number of - pods. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 25%. - Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - the rolling update starts, such that the total number of old and new pods do not exceed - 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that total number of pods running - at any time during the update is at most 130% of desired pods. 
- x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - that the total number of pods available at all times during the update is at - least 70% of desired pods. - x-kubernetes-int-or-string: true - type: object - type: object - template: - description: - Template describes the whisker Deployment pod - that will be created. - properties: - metadata: - description: - Metadata is a subset of a Kubernetes object's - metadata that is added to the pod's metadata. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is a map of arbitrary non-identifying metadata. Each of these - key/value pairs are added to the object's annotations provided the key does not - already exist in the object's annotations. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels is a map of string keys and values that may match replicaset and - service selectors. Each of these key/value pairs are added to the - object's labels provided the key does not already exist in the object's labels. - type: object - type: object - spec: - description: Spec is the whisker Deployment's PodSpec. - properties: - affinity: - description: - Affinity is a group of affinity scheduling - rules for the whisker pods. - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. 
A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: - The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. 
- properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. 
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: |- - Containers is a list of whisker containers. - If specified, this overrides the specified EGW Deployment containers. - If omitted, the whisker Deployment will use its default values for its containers. - items: - properties: - name: - enum: - - whisker - - whisker-backend - type: string - resources: - description: - ResourceRequirements describes - the compute resource requirements. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - This field depends on the - DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. - items: - description: - ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. 
- type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: - NodeSelector gives more control over - the nodes where the whisker pods will run on. - type: object - priorityClassName: - description: - PriorityClassName allows to specify a - PriorityClass resource to be used. - type: string - terminationGracePeriodSeconds: - description: - TerminationGracePeriodSeconds defines - the termination grace period of the whisker pods - in seconds. 
- format: int64 - minimum: 0 - type: integer - tolerations: - description: |- - Tolerations is the whisker pod's tolerations. - If specified, this overrides any tolerations that may be set on the whisker Deployment. - If omitted, the whisker Deployment will use its default value for tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - TopologySpreadConstraints describes how a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way which abides by the constraints. 
- All topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies - how to spread matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. 
The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. 
- When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. 
- If this value is nil, the behavior is equivalent to the Ignore policy. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. 
- type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object - type: object - type: object - type: object - type: object - status: - description: WhiskerStatus defines the observed state of Whisker - properties: - conditions: - description: |- - Conditions represents the latest observed set of conditions for the component. A component may be one or more of - Ready, Progressing, Degraded or other customer types. - items: - description: - Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - x-kubernetes-validations: - - message: resource name must be 'default' - rule: self.metadata.name == 'default' - served: true - storage: true - subresources: - status: {} diff --git a/lib.Makefile b/lib.Makefile index 61a1f6f..49b54fe 100644 --- a/lib.Makefile +++ b/lib.Makefile @@ -382,8 +382,6 @@ ifneq ($(CALICO_API_GROUP),projectcalico.org/v3) CALICO_CRD_PATH = libcalico-go/config/crd/ endif -CALICO_ADMISSION_POLICY_PATH ?= api/admission/ - # The image to use for building calico/base-dependent modules (e.g. apiserver, typha). ifdef USE_UBI_AS_CALICO_BASE CALICO_BASE ?= $(UBI_IMAGE) @@ -1598,7 +1596,7 @@ $(REPO_ROOT)/.$(KIND_NAME).created: $(KUBECTL) $(KIND) while ! KUBECONFIG=$(KIND_KUBECONFIG) $(KUBECTL) apply -f $(REPO_ROOT)/libcalico-go/config/crd/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml; do echo "Waiting for CRDs to be created"; sleep 2; done # Install mutating admission policies. - while ! KUBECONFIG=$(KIND_KUBECONFIG) $(KUBECTL) apply -f $(REPO_ROOT)/$(CALICO_ADMISSION_POLICY_PATH); do echo "Waiting for mutating admission policies to be created"; sleep 2; done + while ! KUBECONFIG=$(KIND_KUBECONFIG) $(KUBECTL) apply -f $(REPO_ROOT)/api/admission/; do echo "Waiting for mutating admission policies to be created"; sleep 2; done touch $@ diff --git a/libcalico-go/config/crd/crd.projectcalico.org_alertexceptions.yaml b/libcalico-go/config/crd/crd.projectcalico.org_alertexceptions.yaml deleted file mode 100644 index 485dd37..0000000 
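Review bot: The retry loop around `$(KUBECTL) apply -f $(REPO_ROOT)/api/admission/` in the second lib.Makefile hunk has no upper bound. If the directory is missing or a manifest never validates, the target spins forever printing "Waiting for mutating admission policies to be created" instead of failing. The first hunk removes `CALICO_ADMISSION_POLICY_PATH`, so the path can no longer be overridden, and PATCH 1/5 of this series deletes `admission/` from the standalone repo. A checkout that inherits this lib.Makefile could therefore hit that case, though this is inferred and the kind target may never run there. I would add a guard before the loop, `[ -d $(REPO_ROOT)/api/admission/ ] || { echo "api/admission/ not found" >&2; exit 1; }`, and cap the loop at a fixed number of attempts so that a cluster without its admission policies shows up as a build failure. The recipe for `$(REPO_ROOT)/.$(KIND_NAME).created` starts outside the hunk.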
--- a/libcalico-go/config/crd/crd.projectcalico.org_alertexceptions.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: alertexceptions.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: AlertException - listKind: AlertExceptionList - plural: alertexceptions - singular: alertexception - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - description: - type: string - endTime: - format: date-time - type: string - selector: - type: string - startTime: - format: date-time - type: string - required: - - description - - selector - - startTime - type: object - status: - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_bfdconfigurations.yaml b/libcalico-go/config/crd/crd.projectcalico.org_bfdconfigurations.yaml deleted file mode 100644 index 3e996ec..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_bfdconfigurations.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: bfdconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BFDConfiguration - listKind: BFDConfigurationList - plural: bfdconfigurations - singular: bfdconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - interfaces: - items: - properties: - idleSendInterval: - default: 1m - type: string - matchPattern: - type: string - minimumRecvInterval: - default: 10ms - type: string - minimumSendInterval: - default: 100ms - type: string - multiplier: - default: 5 - type: integer - required: - - matchPattern - type: object - type: array - nodeSelector: - type: string - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_bgpconfigurations.yaml b/libcalico-go/config/crd/crd.projectcalico.org_bgpconfigurations.yaml deleted file mode 100644 index 1247426..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_bgpconfigurations.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: bgpconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPConfiguration - listKind: BGPConfigurationList - plural: bgpconfigurations - singular: bgpconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - asNumber: - format: int32 - type: integer - bindMode: - enum: - - None - - NodeIP - type: string - communities: - items: - properties: - name: - type: string - value: - pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$ - type: string - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - extensions: - additionalProperties: - type: string - type: object - ignoredInterfaces: - items: - type: string - type: array - x-kubernetes-list-type: set - listenPort: - maximum: 65535 - minimum: 1 - type: integer - localWorkloadPeeringIPV4: - type: string - localWorkloadPeeringIPV6: - type: string - logSeverityScreen: - default: Info - pattern: ^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$ - type: string - nodeMeshMaxRestartTime: - type: string - nodeMeshPassword: - properties: - secretKeyRef: - properties: - key: - type: string - name: - default: "" - type: string - optional: - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - nodeToNodeMeshEnabled: - type: boolean - prefixAdvertisements: - items: - properties: - cidr: - format: cidr - type: string - communities: - items: - type: string - type: array - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - serviceClusterIPs: - items: - properties: - cidr: - format: cidr - type: string - type: object - x-kubernetes-map-type: atomic - 
type: array - x-kubernetes-list-type: set - serviceExternalIPs: - items: - properties: - cidr: - format: cidr - type: string - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - serviceLoadBalancerAggregation: - default: Enabled - enum: - - Enabled - - Disabled - type: string - serviceLoadBalancerIPs: - items: - properties: - cidr: - format: cidr - type: string - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_bgpfilters.yaml b/libcalico-go/config/crd/crd.projectcalico.org_bgpfilters.yaml deleted file mode 100644 index 3eb7eb8..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_bgpfilters.yaml +++ /dev/null 
@@ -1,204 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: bgpfilters.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPFilter - listKind: BGPFilterList - plural: bgpfilters - singular: bgpfilter - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - exportV4: - items: - properties: - action: - enum: - - Accept - - Reject - type: string - cidr: - format: cidr - type: string - interface: - type: string - matchOperator: - enum: - - Equal - - NotEqual - - In - - NotIn - type: string - prefixLength: - properties: - max: - format: int32 - maximum: 32 - minimum: 0 - type: integer - min: - format: int32 - maximum: 32 - minimum: 0 - type: integer - type: object - x-kubernetes-map-type: atomic - source: - enum: - - RemotePeers - type: string - required: - - action - type: object - x-kubernetes-map-type: atomic - type: array - exportV6: - items: - properties: - action: - enum: - - Accept - - Reject - type: string - cidr: - format: cidr - type: string - interface: - type: string - matchOperator: - enum: - - Equal - - NotEqual - - In - - NotIn - type: string - prefixLength: - properties: - max: - format: int32 - maximum: 128 - minimum: 0 - type: integer - min: - format: int32 - maximum: 128 - minimum: 0 - type: integer - type: object - x-kubernetes-map-type: atomic - source: - enum: - - RemotePeers - type: string - required: - - action - type: object - x-kubernetes-map-type: atomic - type: array - importV4: - items: - properties: - action: - enum: - - Accept - - Reject - type: string - cidr: - format: cidr - type: string - interface: - type: string - matchOperator: - enum: - - Equal - - NotEqual - - In - - NotIn - type: string - prefixLength: - properties: - max: - format: 
int32 - maximum: 32 - minimum: 0 - type: integer - min: - format: int32 - maximum: 32 - minimum: 0 - type: integer - type: object - x-kubernetes-map-type: atomic - source: - enum: - - RemotePeers - type: string - required: - - action - type: object - x-kubernetes-map-type: atomic - type: array - importV6: - items: - properties: - action: - enum: - - Accept - - Reject - type: string - cidr: - format: cidr - type: string - interface: - type: string - matchOperator: - enum: - - Equal - - NotEqual - - In - - NotIn - type: string - prefixLength: - properties: - max: - format: int32 - maximum: 128 - minimum: 0 - type: integer - min: - format: int32 - maximum: 128 - minimum: 0 - type: integer - type: object - x-kubernetes-map-type: atomic - source: - enum: - - RemotePeers - type: string - required: - - action - type: object - x-kubernetes-map-type: atomic - type: array - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_bgppeers.yaml b/libcalico-go/config/crd/crd.projectcalico.org_bgppeers.yaml deleted file mode 100644 index 7706581..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_bgppeers.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: bgppeers.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPPeer - listKind: BGPPeerList - plural: bgppeers - singular: bgppeer - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - asNumber: - format: int32 - type: integer - birdGatewayMode: - type: string - extensions: - additionalProperties: - type: string - type: object - externalNetwork: - type: string - failureDetectionMode: - type: string - filters: - items: - type: string - type: array - keepOriginalNextHop: - type: boolean - keepaliveTime: - type: string - localASNumber: - format: int32 - type: integer - localWorkloadSelector: - type: string - maxRestartTime: - type: string - nextHopMode: - enum: - - Auto - - Self - - Keep - type: string - node: - type: string - nodeSelector: - type: string - numAllowedLocalASNumbers: - format: int32 - type: integer - password: - properties: - secretKeyRef: - properties: - key: - type: string - name: - default: "" - type: string - optional: - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - peerIP: - type: string - peerSelector: - type: string - reachableBy: - type: string - restartMode: - type: string - reversePeering: - allOf: - - enum: - - Auto - - Manual - - enum: - - Auto - - Manual - type: string - sourceAddress: - enum: - - UseNodeIP - - None - type: string - ttlSecurity: - type: integer - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_blockaffinities.yaml b/libcalico-go/config/crd/crd.projectcalico.org_blockaffinities.yaml deleted file mode 100644 index c18b570..0000000 
--- a/libcalico-go/config/crd/crd.projectcalico.org_blockaffinities.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: blockaffinities.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BlockAffinity - listKind: BlockAffinityList - plural: blockaffinities - singular: blockaffinity - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - cidr: - type: string - deleted: - type: string - node: - type: string - state: - type: string - type: - type: string - required: - - cidr - - deleted - - node - - state - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_caliconodestatuses.yaml b/libcalico-go/config/crd/crd.projectcalico.org_caliconodestatuses.yaml deleted file mode 100644 index c9e04ba..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_caliconodestatuses.yaml +++ /dev/null 
@@ -1,214 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: caliconodestatuses.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: CalicoNodeStatus - listKind: CalicoNodeStatusList - plural: caliconodestatuses - singular: caliconodestatus - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - classes: - items: - enum: - - Agent - - BGP - - Routes - type: string - type: array - node: - type: string - updatePeriodSeconds: - format: int32 - type: integer - type: object - status: - properties: - agent: - properties: - birdV4: - properties: - lastBootTime: - type: string - lastReconfigurationTime: - type: string - routerID: - type: string - state: - enum: - - Ready - - NotReady - type: string - version: - type: string - type: object - birdV6: - properties: - lastBootTime: - type: string - lastReconfigurationTime: - type: string - routerID: - type: string - state: - enum: - - Ready - - NotReady - type: string - version: - type: string - type: object - type: object - bgp: - properties: - numberEstablishedV4: - type: integer - numberEstablishedV6: - type: integer - numberNotEstablishedV4: - type: integer - numberNotEstablishedV6: - type: integer - peersV4: - items: - properties: - peerIP: - type: string - since: - type: string - state: - enum: - - Idle - - Connect - - Active - - OpenSent - - OpenConfirm - - Established - - Close - type: string - type: - enum: - - NodeMesh - - NodePeer - - GlobalPeer - type: string - type: object - type: array - peersV6: - items: - properties: - peerIP: - type: string - since: - type: string - state: - enum: - - Idle - - Connect - - Active - - OpenSent - - OpenConfirm - - Established - - Close - type: string - type: - enum: - - NodeMesh - - 
NodePeer - - GlobalPeer - type: string - type: object - type: array - required: - - numberEstablishedV4 - - numberEstablishedV6 - - numberNotEstablishedV4 - - numberNotEstablishedV6 - type: object - lastUpdated: - format: date-time - nullable: true - type: string - routes: - properties: - routesV4: - items: - properties: - destination: - type: string - gateway: - type: string - interface: - type: string - learnedFrom: - properties: - peerIP: - type: string - sourceType: - enum: - - Kernel - - Static - - Direct - - NodeMesh - - BGPPeer - type: string - type: object - type: - enum: - - FIB - - RIB - type: string - type: object - type: array - routesV6: - items: - properties: - destination: - type: string - gateway: - type: string - interface: - type: string - learnedFrom: - properties: - peerIP: - type: string - sourceType: - enum: - - Kernel - - Static - - Direct - - NodeMesh - - BGPPeer - type: string - type: object - type: - enum: - - FIB - - RIB - type: string - type: object - type: array - type: object - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_clusterinformations.yaml b/libcalico-go/config/crd/crd.projectcalico.org_clusterinformations.yaml deleted file mode 100644 index 0a80cc2..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_clusterinformations.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: clusterinformations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: ClusterInformation - listKind: ClusterInformationList - plural: clusterinformations - singular: clusterinformation - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - calicoEnterpriseVersion: - type: string - calicoVersion: - type: string - clusterGUID: - type: string - clusterType: - type: string - cnxVersion: - type: string - datastoreReady: - type: boolean - variant: - type: string - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_deeppacketinspections.yaml b/libcalico-go/config/crd/crd.projectcalico.org_deeppacketinspections.yaml deleted file mode 100644 index a1a73a4..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_deeppacketinspections.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: deeppacketinspections.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: DeepPacketInspection - listKind: DeepPacketInspectionList - plural: deeppacketinspections - singular: deeppacketinspection - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - selector: - type: string - type: object - status: - properties: - nodes: - items: - properties: - active: - properties: - lastUpdated: - format: date-time - type: string - success: - type: boolean - type: object - errorConditions: - items: - properties: - lastUpdated: - format: date-time - type: string - message: - type: string - type: object - maxItems: 10 - type: array - node: - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/libcalico-go/config/crd/crd.projectcalico.org_egressgatewaypolicies.yaml b/libcalico-go/config/crd/crd.projectcalico.org_egressgatewaypolicies.yaml deleted file mode 100644 index 101fc10..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_egressgatewaypolicies.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: egressgatewaypolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: EgressGatewayPolicy - listKind: EgressGatewayPolicyList - plural: egressgatewaypolicies - singular: egressgatewaypolicy - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - rules: - items: - properties: - description: - type: string - destination: - properties: - cidr: - type: string - type: object - gateway: - properties: - maxNextHops: - type: integer - namespaceSelector: - type: string - selector: - type: string - type: object - gatewayPreference: - default: None - enum: - - None - - PreferNodeLocal - type: string - type: object - type: array - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_externalnetworks.yaml b/libcalico-go/config/crd/crd.projectcalico.org_externalnetworks.yaml deleted file mode 100644 index b6f4409..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_externalnetworks.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: externalnetworks.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: ExternalNetwork - listKind: ExternalNetworkList - plural: externalnetworks - singular: externalnetwork - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - routeTableIndex: - format: int32 - type: integer - required: - - routeTableIndex - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_felixconfigurations.yaml b/libcalico-go/config/crd/crd.projectcalico.org_felixconfigurations.yaml deleted file mode 100644 index cddd24b..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_felixconfigurations.yaml +++ /dev/null 
@@ -1,2112 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: felixconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: FelixConfiguration - listKind: FelixConfigurationList - plural: felixconfigurations - singular: felixconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Felix Configuration contains the configuration for Felix. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: FelixConfigurationSpec contains the values of the Felix configuration. - properties: - allowIPIPPacketsFromWorkloads: - description: |- - AllowIPIPPacketsFromWorkloads controls whether Felix will add a rule to drop IPIP encapsulated traffic - from workloads. [Default: false] - type: boolean - allowVXLANPacketsFromWorkloads: - description: |- - AllowVXLANPacketsFromWorkloads controls whether Felix will add a rule to drop VXLAN encapsulated traffic - from workloads. [Default: false] - type: boolean - awsRequestTimeout: - description: - "AWSRequestTimeout is the timeout on AWS API requests. 
- [Default: 30s]" - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - awsSecondaryIPRoutingRulePriority: - description: |- - AWSSecondaryIPRoutingRulePriority controls the priority that Felix will use for routing rules when programming - them for AWS Secondary IP support. [Default: 101] - type: integer - awsSecondaryIPSupport: - description: |- - AWSSecondaryIPSupport controls whether Felix will try to provision AWS secondary ENIs for - workloads that have IPs from IP pools that are configured with an AWS subnet ID. If the field is set to - "EnabledENIPerWorkload" then each workload with an AWS-backed IP will be assigned its own secondary ENI. - If set to "Enabled" then each workload with an AWS-backed IP pool will be allocated a secondary IP address - on a secondary ENI; this mode requires additional IP pools to be provisioned for the host to claim IPs for - the primary IP of the secondary ENIs. Accepted value must be one of "Enabled", "EnabledENIPerWorkload" or - "Disabled". [Default: Disabled] - pattern: ^(?i)(Enabled|EnabledENIPerWorkload|Disabled)?$ - type: string - awsSrcDstCheck: - description: |- - AWSSrcDstCheck controls whether Felix will try to change the "source/dest check" setting on the EC2 instance - on which it is running. A value of "Disable" will try to disable the source/dest check. Disabling the check - allows for sending workload traffic without encapsulation within the same AWS subnet. - [Default: DoNothing] - enum: - - DoNothing - - Enable - - Disable - type: string - bpfAttachType: - description: |- - BPFAttachType controls how are the BPF programs at the network interfaces attached. - By default `TCX` is used where available to enable easier coexistence with 3rd party programs. - `TC` can force the legacy method of attaching via a qdisc. `TCX` falls back to `TC` if `TCX` is not available. 
- [Default: TCX] - enum: - - TC - - TCX - type: string - bpfCTLBLogFilter: - description: |- - BPFCTLBLogFilter specifies, what is logged by connect time load balancer when BPFLogLevel is - debug. Currently has to be specified as 'all' when BPFLogFilters is set - to see CTLB logs. - [Default: unset - means logs are emitted when BPFLogLevel id debug and BPFLogFilters not set.] - type: string - bpfConnectTimeLoadBalancing: - description: |- - BPFConnectTimeLoadBalancing when in BPF mode, controls whether Felix installs the connect-time load - balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services - and it improves the performance of pod-to-service connections.When set to TCP, connect time load balancing - is available only for services with TCP ports. [Default: TCP] - enum: - - TCP - - Enabled - - Disabled - type: string - bpfConnectTimeLoadBalancingEnabled: - description: |- - BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix installs the connection-time load - balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services - and it improves the performance of pod-to-service connections. The only reason to disable it is for debugging - purposes. - - Deprecated: Use BPFConnectTimeLoadBalancing [Default: true] - type: boolean - bpfConntrackLogLevel: - description: |- - BPFConntrackLogLevel controls the log level of the BPF conntrack cleanup program, which runs periodically - to clean up expired BPF conntrack entries. - [Default: Off]. - enum: - - "Off" - - Debug - type: string - bpfConntrackMode: - description: |- - BPFConntrackCleanupMode controls how BPF conntrack entries are cleaned up. `Auto` will use a BPF program if supported, - falling back to userspace if not. `Userspace` will always use the userspace cleanup code. `BPFProgram` will - always use the BPF program (failing if not supported). 
- - /To be deprecated in future versions as conntrack map type changed to - lru_hash and userspace cleanup is the only mode that is supported. - [Default: Userspace] - enum: - - Auto - - Userspace - - BPFProgram - type: string - bpfConntrackTimeouts: - description: |- - BPFConntrackTimers overrides the default values for the specified conntrack timer if - set. Each value can be either a duration or `Auto` to pick the value from - a Linux conntrack timeout. - - Configurable timers are: CreationGracePeriod, TCPSynSent, - TCPEstablished, TCPFinsSeen, TCPResetSeen, UDPTimeout, GenericTimeout, - ICMPTimeout. - - Unset values are replaced by the default values with a warning log for - incorrect values. - properties: - creationGracePeriod: - description: |- - CreationGracePeriod gives a generic grace period to new connections - before they are considered for cleanup [Default: 10s]. - pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - genericTimeout: - description: |- - GenericTimeout controls how long it takes before considering this - entry for cleanup after the connection became idle. If set to 'Auto', the - value from nf_conntrack_generic_timeout is used. If nil, Calico uses its - own default value. [Default: 10m]. - pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - icmpTimeout: - description: |- - ICMPTimeout controls how long it takes before considering this - entry for cleanup after the connection became idle. If set to 'Auto', the - value from nf_conntrack_icmp_timeout is used. If nil, Calico uses its - own default value. [Default: 5s]. - pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - tcpEstablished: - description: |- - TCPEstablished controls how long it takes before considering this entry for - cleanup after the connection became idle. If set to 'Auto', the - value from nf_conntrack_tcp_timeout_established is used. If nil, Calico uses - its own default value. [Default: 1h]. 
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - tcpFinsSeen: - description: |- - TCPFinsSeen controls how long it takes before considering this entry for - cleanup after the connection was closed gracefully. If set to 'Auto', the - value from nf_conntrack_tcp_timeout_time_wait is used. If nil, Calico uses - its own default value. [Default: Auto]. - pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - tcpResetSeen: - description: |- - TCPResetSeen controls how long it takes before considering this entry for - cleanup after the connection was aborted. If nil, Calico uses its own - default value. [Default: 40s]. - pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - tcpSynSent: - description: |- - TCPSynSent controls how long it takes before considering this entry for - cleanup after the last SYN without a response. If set to 'Auto', the - value from nf_conntrack_tcp_timeout_syn_sent is used. If nil, Calico uses - its own default value. [Default: 20s]. - pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - udpTimeout: - description: |- - UDPTimeout controls how long it takes before considering this entry for - cleanup after the connection became idle. If nil, Calico uses its own - default value. [Default: 60s]. - pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$ - type: string - type: object - bpfDNSPolicyMode: - description: |- - BPFDNSPolicyMode specifies how DNS policy programming will be handled. - Inline - BPF parses DNS response inline with DNS response packet - processing. This guarantees the DNS rules reflect any change immediately. - NoDelay - Felix does not introduce any delay to the packets. DNS rules may not have been programmed by the time - the first packet traverses the policy rules. Client applications need to handle reconnection attempts if initial - connection attempts fail. This may be problematic for some applications or for very low DNS TTLs. 
- [Default: DelayDeniedPacket] - type: string - bpfDSROptoutCIDRs: - description: |- - BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients - in those CIDRs will access service node ports as if BPFExternalServiceMode was set to - Tunnel. - items: - type: string - type: array - bpfDataIfacePattern: - description: |- - BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to - in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic - flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the - cluster. It should not match the workload interfaces (usually named cali...) or any other special device managed - by Calico itself (e.g., tunnels). - type: string - bpfDisableGROForIfaces: - description: |- - BPFDisableGROForIfaces is a regular expression that controls which interfaces Felix should disable the - Generic Receive Offload [GRO] option. It should not match the workload interfaces (usually named cali...). - type: string - bpfDisableUnprivileged: - description: |- - BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled sysctl to disable - unprivileged use of BPF. This ensures that unprivileged users cannot access Calico's BPF maps and - cannot insert their own BPF programs to interfere with Calico's. [Default: true] - type: boolean - bpfEnabled: - description: - "BPFEnabled, if enabled Felix will use the BPF dataplane. - [Default: false]" - type: boolean - bpfEnforceRPF: - description: |- - BPFEnforceRPF enforce strict RPF on all host interfaces with BPF programs regardless of - what is the per-interfaces or global setting. Possible values are Disabled, Strict - or Loose. 
[Default: Loose] - pattern: ^(?i)(Disabled|Strict|Loose)?$ - type: string - bpfExcludeCIDRsFromNAT: - description: |- - BPFExcludeCIDRsFromNAT is a list of CIDRs that are to be excluded from NAT - resolution so that host can handle them. A typical usecase is node local - DNS cache. - items: - type: string - type: array - bpfExportBufferSizeMB: - description: |- - BPFExportBufferSizeMB in BPF mode, controls the buffer size used for sending BPF events to felix. - [Default: 1] - type: integer - bpfExtToServiceConnmark: - description: |- - BPFExtToServiceConnmark in BPF mode, controls a 32bit mark that is set on connections from an - external client to a local service. This mark allows us to control how packets of that - connection are routed within the host and how is routing interpreted by RPF check. [Default: 0] - type: integer - bpfExternalServiceMode: - description: |- - BPFExternalServiceMode in BPF mode, controls how connections from outside the cluster to services (node ports - and cluster IPs) are forwarded to remote workloads. If set to "Tunnel" then both request and response traffic - is tunneled to the remote node. If set to "DSR", the request traffic is tunneled but the response traffic - is sent directly from the remote node. In "DSR" mode, the remote node appears to use the IP of the ingress - node; this requires a permissive L2 network. [Default: Tunnel] - pattern: ^(?i)(Tunnel|DSR)?$ - type: string - bpfForceTrackPacketsFromIfaces: - description: |- - BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic from these interfaces - to skip Calico's iptables NOTRACK rule, allowing traffic from those interfaces to be - tracked by Linux conntrack. Should only be used for interfaces that are not used for - the Calico fabric. For example, a docker bridge device for non-Calico-networked - containers. 
[Default: docker+] - items: - type: string - type: array - bpfHostConntrackBypass: - description: |- - BPFHostConntrackBypass Controls whether to bypass Linux conntrack in BPF mode for - workloads and services. [Default: true - bypass Linux conntrack] - type: boolean - bpfHostNetworkedNATWithoutCTLB: - description: |- - BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing - determines the CTLB behavior. [Default: Enabled] - type: string - bpfJITHardening: - allOf: - - enum: - - Auto - - Strict - - enum: - - Auto - - Strict - description: |- - BPFJITHardening controls BPF JIT hardening. When set to "Auto", Felix will set JIT hardening to 1 - if it detects the current value is 2 (strict mode that hurts performance). When set to "Strict", - Felix will not modify the JIT hardening setting. [Default: Auto] - type: string - bpfKubeProxyHealthzPort: - description: |- - BPFKubeProxyHealthzPort, in BPF mode, controls the port that Felix's embedded kube-proxy health check server binds to. - The health check server is used by external load balancers to determine if this node should receive traffic. [Default: 10256] - type: integer - bpfKubeProxyIptablesCleanupEnabled: - description: |- - BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF mode, Felix will proactively clean up the upstream - Kubernetes kube-proxy's iptables chains. Should only be enabled if kube-proxy is not running. [Default: true] - type: boolean - bpfKubeProxyMinSyncPeriod: - description: |- - BPFKubeProxyMinSyncPeriod, in BPF mode, controls the minimum time between updates to the dataplane for Felix's - embedded kube-proxy. Lower values give reduced set-up latency. Higher values reduce Felix CPU usage by - batching up more work. 
[Default: 1s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - bpfL3IfacePattern: - description: |- - BPFL3IfacePattern is a regular expression that allows to list tunnel devices like wireguard or vxlan (i.e., L3 devices) - in addition to BPFDataIfacePattern. That is, tunnel interfaces not created by Calico, that Calico workload traffic flows - over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. - type: string - bpfLogFilters: - additionalProperties: - type: string - description: |- - BPFLogFilters is a map of key=values where the value is - a pcap filter expression and the key is an interface name with 'all' - denoting all interfaces, 'weps' all workload endpoints and 'heps' all host - endpoints. - - When specified as an env var, it accepts a comma-separated list of - key=values. - [Default: unset - means all debug logs are emitted] - type: object - bpfLogLevel: - description: |- - BPFLogLevel controls the log level of the BPF programs when in BPF dataplane mode. One of "Off", "Info", or - "Debug". The logs are emitted to the BPF trace pipe, accessible with the command `tc exec bpf debug`. - [Default: Off]. - pattern: ^(?i)(Off|Info|Debug)?$ - type: string - bpfMaglevMaxEndpointsPerService: - description: |- - BPFMaglevMaxEndpointsPerService is the maximum number of endpoints - expected to be part of a single Maglev-enabled service. - - Influences the size of the per-service Maglev lookup-tables generated by Felix - and thus the amount of memory reserved. - - [Default: 100] - type: integer - bpfMaglevMaxServices: - description: |- - BPFMaglevMaxServices is the maximum number of expected Maglev-enabled - services that Felix will allocate lookup-tables for. - - [Default: 100] - type: integer - bpfMapSizeConntrack: - description: |- - BPFMapSizeConntrack sets the size for the conntrack map. This map must be large enough to hold - an entry for each active connection. 
Warning: changing the size of the conntrack map can cause disruption. - type: integer - bpfMapSizeConntrackCleanupQueue: - description: |- - BPFMapSizeConntrackCleanupQueue sets the size for the map used to hold NAT conntrack entries that are queued - for cleanup. This should be big enough to hold all the NAT entries that expire within one cleanup interval. - minimum: 1 - type: integer - bpfMapSizeConntrackScaling: - description: |- - BPFMapSizeConntrackScaling controls whether and how we scale the conntrack map size depending - on its usage. 'Disabled' make the size stay at the default or whatever is set by - BPFMapSizeConntrack*. 'DoubleIfFull' doubles the size when the map is pretty much full even - after cleanups. [Default: DoubleIfFull] - pattern: ^(?i)(Disabled|DoubleIfFull)?$ - type: string - bpfMapSizeIPSets: - description: |- - BPFMapSizeIPSets sets the size for ipsets map. The IP sets map must be large enough to hold an entry - for each endpoint matched by every selector in the source/destination matches in network policy. Selectors - such as "all()" can result in large numbers of entries (one entry per endpoint in that case). - type: integer - bpfMapSizeIfState: - description: |- - BPFMapSizeIfState sets the size for ifstate map. The ifstate map must be large enough to hold an entry - for each device (host + workloads) on a host. - type: integer - bpfMapSizeNATAffinity: - description: |- - BPFMapSizeNATAffinity sets the size of the BPF map that stores the affinity of a connection (for services that - enable that feature. - type: integer - bpfMapSizeNATBackend: - description: |- - BPFMapSizeNATBackend sets the size for NAT back end map. - This is the total number of endpoints. This is mostly - more than the size of the number of services. - type: integer - bpfMapSizeNATFrontend: - description: |- - BPFMapSizeNATFrontend sets the size for NAT front end map. 
- FrontendMap should be large enough to hold an entry for each nodeport, - external IP and each port in each service. - type: integer - bpfMapSizePerCpuConntrack: - description: |- - BPFMapSizePerCPUConntrack determines the size of conntrack map based on the number of CPUs. If set to a - non-zero value, overrides BPFMapSizeConntrack with `BPFMapSizePerCPUConntrack * (Number of CPUs)`. - This map must be large enough to hold an entry for each active connection. Warning: changing the size of the - conntrack map can cause disruption. - type: integer - bpfMapSizeRoute: - description: |- - BPFMapSizeRoute sets the size for the routes map. The routes map should be large enough - to hold one entry per workload and a handful of entries per host (enough to cover its own IPs and - tunnel IPs). - type: integer - bpfPSNATPorts: - anyOf: - - type: integer - - type: string - description: |- - BPFPSNATPorts sets the range from which we randomly pick a port if there is a source port - collision. This should be within the ephemeral range as defined by RFC 6056 (1024–65535) and - preferably outside the ephemeral ranges used by common operating systems. Linux uses - 32768–60999, while others mostly use the IANA defined range 49152–65535. It is not necessarily - a problem if this range overlaps with the operating systems. Both ends of the range are - inclusive. [Default: 20000:29999] - pattern: ^.* - x-kubernetes-int-or-string: true - bpfPolicyDebugEnabled: - description: |- - BPFPolicyDebugEnabled when true, Felix records detailed information - about the BPF policy programs, which can be examined with the calico-bpf command-line tool. - type: boolean - bpfProfiling: - description: |- - BPFProfiling controls profiling of BPF programs. At the monent, it can be - Disabled or Enabled. 
[Default: Disabled] - enum: - - Enabled - - Disabled - type: string - bpfRedirectToPeer: - description: |- - BPFRedirectToPeer controls whether traffic may be forwarded directly to the peer side of a workload’s device. - Note that the legacy "L2Only" option is now deprecated and if set it is treated like "Enabled". - Setting this option to "Enabled" allows direct redirection (including from L3 host devices such as IPIP tunnels or WireGuard), - which can improve redirection performance but causes the redirected packets to bypass the host‑side ingress path. - As a result, packet‑capture tools on the host side of the workload device (for example, tcpdump) will not see that traffic. [Default: Disabled] - enum: - - Enabled - - Disabled - type: string - captureDir: - description: - "CaptureDir controls directory to store file capture. - [Default: /var/log/calico/pcap]" - minLength: 1 - type: string - captureMaxFiles: - description: - "CaptureMaxFiles controls number of rotated capture file - to keep. [Default: 2]" - minimum: 1 - type: integer - captureMaxSizeBytes: - description: - "CaptureMaxSizeBytes controls the max size of a file - capture. [Default: 10000000]" - minimum: 1 - type: integer - captureRotationSeconds: - description: - "CaptureRotationSeconds controls the time rotation of - a packet capture. [Default: 3600]" - minimum: 1 - type: integer - cgroupV2Path: - description: - CgroupV2Path overrides the default location where to - find the cgroup hierarchy. - type: string - chainInsertMode: - description: |- - ChainInsertMode controls whether Felix hooks the kernel's top-level iptables chains by inserting a rule - at the top of the chain or by appending a rule at the bottom. insert is the safe default since it prevents - Calico's rules from being bypassed. If you switch to append mode, be sure that the other rules in the chains - signal acceptance by falling through to the Calico rules, otherwise the Calico policy will be bypassed. 
- [Default: insert] - pattern: ^(?i)(Insert|Append)?$ - type: string - dataplaneDriver: - description: |- - DataplaneDriver filename of the external dataplane driver to use. Only used if UseInternalDataplaneDriver - is set to false. - type: string - dataplaneWatchdogTimeout: - description: |- - DataplaneWatchdogTimeout is the readiness/liveness timeout used for Felix's (internal) dataplane driver. - Deprecated: replaced by the generic HealthTimeoutOverrides. - type: string - debugDisableLogDropping: - description: |- - DebugDisableLogDropping disables the dropping of log messages when the log buffer is full. This can - significantly impact performance if log write-out is a bottleneck. [Default: false] - type: boolean - debugHost: - description: |- - DebugHost is the host IP or hostname to bind the debug port to. Only used - if DebugPort is set. [Default:localhost] - type: string - debugMemoryProfilePath: - description: - DebugMemoryProfilePath is the path to write the memory - profile to when triggered by signal. - type: string - debugPort: - description: |- - DebugPort if set, enables Felix's debug HTTP port, which allows memory and CPU profiles - to be retrieved. The debug port is not secure, it should not be exposed to the internet. - type: integer - debugSimulateCalcGraphHangAfter: - description: |- - DebugSimulateCalcGraphHangAfter is used to simulate a hang in the calculation graph after the specified duration. - This is useful in tests of the watchdog system only! - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - debugSimulateDataplaneApplyDelay: - description: |- - DebugSimulateDataplaneApplyDelay adds an artificial delay to every dataplane operation. This is useful for - simulating a heavily loaded system for test purposes only. 
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - debugSimulateDataplaneHangAfter: - description: |- - DebugSimulateDataplaneHangAfter is used to simulate a hang in the dataplane after the specified duration. - This is useful in tests of the watchdog system only! - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - defaultEndpointToHostAction: - description: |- - DefaultEndpointToHostAction controls what happens to traffic that goes from a workload endpoint to the host - itself (after the endpoint's egress policy is applied). By default, Calico blocks traffic from workload - endpoints to the host itself with an iptables "DROP" action. If you want to allow some or all traffic from - endpoint to host, set this parameter to RETURN or ACCEPT. Use RETURN if you have your own rules in the iptables - "INPUT" chain; Calico will insert its rules at the top of that chain, then "RETURN" packets to the "INPUT" chain - once it has completed processing workload endpoint egress policy. Use ACCEPT to unconditionally accept packets - from workloads after processing workload endpoint egress policy. [Default: Drop] - pattern: ^(?i)(Drop|Accept|Return)?$ - type: string - deletedMetricsRetentionSecs: - description: - DeletedMetricsRetentionSecs controls how long metrics - are retianed after the flow is gone. - type: integer - deviceRouteProtocol: - description: |- - DeviceRouteProtocol controls the protocol to set on routes programmed by Felix. The protocol is an 8-bit label - used to identify the owner of the route. - type: integer - deviceRouteSourceAddress: - description: |- - DeviceRouteSourceAddress IPv4 address to set as the source hint for routes programmed by Felix. When not set - the source address for local traffic from host to workload will be determined by the kernel. - type: string - deviceRouteSourceAddressIPv6: - description: |- - DeviceRouteSourceAddressIPv6 IPv6 address to set as the source hint for routes programmed by Felix. 
When not set - the source address for local traffic from host to workload will be determined by the kernel. - type: string - disableConntrackInvalidCheck: - description: |- - DisableConntrackInvalidCheck disables the check for invalid connections in conntrack. While the conntrack - invalid check helps to detect malicious traffic, it can also cause issues with certain multi-NIC scenarios. - type: boolean - dnsCacheEpoch: - description: |- - An arbitrary number that can be changed, at runtime, to tell Felix to discard all its - learnt DNS information. [Default: 0]. - type: integer - dnsCacheFile: - description: |- - The name of the file that Felix uses to preserve learnt DNS information when restarting. [Default: - "/var/run/calico/felix-dns-cache.txt"]. - type: string - dnsCacheSaveInterval: - description: |- - The periodic interval at which Felix saves learnt DNS information to the cache file. [Default: - 60s]. - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - dnsExtraTTL: - description: |- - Extra time to keep IPs and alias names that are learnt from DNS, in addition to each name - or IP's advertised TTL. [Default: 0s]. - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - dnsLogsFileAggregationKind: - description: |- - DNSLogsFileAggregationKind is used to choose the type of aggregation for DNS log entries. - [Default: 1 - client name prefix aggregation]. - Accepted values are 0 and 1. - 0 - No aggregation. - 1 - Aggregate over clients with the same name prefix. - enum: - - 0 - - 1 - type: integer - dnsLogsFileDirectory: - description: |- - DNSLogsFileDirectory sets the directory where DNS log files are stored. - [Default: /var/log/calico/dnslogs] - type: string - dnsLogsFileEnabled: - description: |- - DNSLogsFileEnabled controls logging DNS logs to a file. If false no DNS logging to file will occur. 
- [Default: false] - type: boolean - dnsLogsFileIncludeLabels: - description: |- - DNSLogsFileIncludeLabels is used to configure if endpoint labels are included in a DNS log entry written to file. - [Default: true] - type: boolean - dnsLogsFileMaxFileSizeMB: - description: |- - DNSLogsFileMaxFileSizeMB sets the max size in MB of DNS log files before rotation. - [Default: 100] - type: integer - dnsLogsFileMaxFiles: - description: |- - DNSLogsFileMaxFiles sets the number of DNS log files to keep. - [Default: 5] - type: integer - dnsLogsFilePerNodeLimit: - description: |- - Limit on the number of DNS logs that can be emitted within each flush interval. When - this limit has been reached, Felix counts the number of unloggable DNS responses within - the flush interval, and emits a WARNING log with that count at the same time as it - flushes the buffered DNS logs. [Default: 0, meaning no limit] - type: integer - dnsLogsFlushInterval: - description: |- - DNSLogsFlushInterval configures the interval at which Felix exports DNS logs. - [Default: 300s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - dnsLogsLatency: - description: |- - DNSLogsLatency indicates to include measurements of DNS request/response latency in each DNS log. - [Default: true] - type: boolean - dnsPacketsNfqueueID: - description: |- - DNSPacketsNfqueueID is the NFQUEUE ID to use for capturing DNS packets to ensure programming IPSets occurs before - the response is released. Used when DNSPolicyMode is DelayDNSResponse. [Default: 101] - type: integer - dnsPacketsNfqueueMaxHoldDuration: - description: |- - DNSPacketsNfqueueMaxHoldDuration is the max length of time to hold on to a DNS response while waiting for the - the dataplane to be programmed. Used when DNSPolicyMode is DelayDNSResponse. - [Default: 3s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - dnsPacketsNfqueueSize: - description: |- - DNSPacketsNfqueueSize is the size of the NFQUEUE for captured DNS packets. 
This is the maximum number of DNS - packets that may be queued awaiting programming in the dataplane. Used when DNSPolicyMode is DelayDNSResponse. - [Default: 100] - type: integer - dnsPolicyMode: - description: |- - DNSPolicyMode specifies how DNS policy programming will be handled. - DelayDeniedPacket - Felix delays any denied packet that traversed a policy that included egress domain matches, - but did not match. The packet is released after a fixed time, or after the destination IP address was programmed. - DelayDNSResponse - Felix delays any DNS response until related IPSets are programmed. This introduces some - latency to all DNS packets (even when no IPSet programming is required), but it ensures policy hit statistics - are accurate. This is the recommended setting when you are making use of staged policies or policy rule hit - statistics. - NoDelay - Felix does not introduce any delay to the packets. DNS rules may not have been programmed by the time - the first packet traverses the policy rules. Client applications need to handle reconnection attempts if initial - connection attempts fail. This may be problematic for some applications or for very low DNS TTLs. - - Inline - Parses DNS response inline with DNS response packet processing within IPTables. - This guarantees the DNS rules reflect any change immediately. - This mode works for iptables only and matches the same mode for BPFDNSPolicyMode. - This setting is ignored on Windows and "NoDelay" is always used. - - This setting is ignored by eBPF and BPFDNSPolicyMode is used instead. - - This field has no effect in NFTables mode. Please use NFTablesDNSPolicyMode instead. - [Default: Inline] - enum: - - NoDelay - - DelayDeniedPacket - - DelayDNSResponse - - Inline - type: string - dnsPolicyNfqueueID: - description: |- - DNSPolicyNfqueueID is the NFQUEUE ID to use for DNS Policy re-evaluation when the domains IP hasn't been programmed - to ipsets yet. Used when DNSPolicyMode is DelayDeniedPacket. 
[Default: 100] - type: integer - dnsPolicyNfqueueSize: - description: |- - DNSPolicyNfqueueID is the size of the NFQUEUE for DNS policy re-evaluation. This is the maximum number of denied - packets that may be queued up pending re-evaluation. - Used when DNSPolicyMode is DelayDeniedPacket. [Default: 100] - type: integer - dnsTrustedServers: - description: |- - The DNS servers that Felix should trust. Each entry here must be `[:]` - indicating an - explicit DNS server IP - or `k8s-service:[/][:port]` - indicating a Kubernetes DNS - service. `` defaults to the first service port, or 53 for an IP, and `` to - `kube-system`. An IPv6 address with a port must use the square brackets convention, for example - `[fd00:83a6::12]:5353`.Note that Felix (calico-node) will need RBAC permission to read the details of - each service specified by a `k8s-service:...` form. [Default: "k8s-service:kube-dns"]. - items: - type: string - type: array - dropActionOverride: - description: |- - DropActionOverride overrides the Drop action in Felix, optionally changing the behavior to Accept, and optionally adding Log. - Possible values are Drop, LogAndDrop, Accept, LogAndAccept. [Default: Drop] - pattern: ^(?i)(Drop|LogAndDrop|Accept|LogAndAccept)?$ - type: string - egressGatewayPollFailureCount: - description: |- - EgressGatewayPollFailureCount is the minimum number of poll failures before a remote Egress Gateway is considered - to have failed. - type: integer - egressGatewayPollInterval: - description: |- - EgressGatewayPollInterval is the interval at which Felix will poll remote egress gateways to check their - health. Only Egress Gateways with a named "health" port will be polled in this way. Egress Gateways that - fail the health check will be taken our of use as if they have been deleted. 
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - egressIPHostIfacePattern: - description: |- - EgressIPHostIfacePattern is a comma-separated list of interface names which might send and receive egress traffic - across the cluster boundary, after it has left an Egress Gateway pod. Felix will ensure `src_valid_mark` sysctl flags - are set correctly for matching interfaces. - To target multiple interfaces with a single string, the list supports regular expressions. - For regular expressions, wrap the value with `/`. - Example: `/^bond/,eth0` will match all interfaces that begin with `bond` and also the interface `eth0`. [Default: ""] - type: string - egressIPRoutingRulePriority: - description: - "EgressIPRoutingRulePriority controls the priority value - to use for the egress IP routing rule. [Default: 100]" - type: integer - egressIPSupport: - description: |- - EgressIPSupport defines three different support modes for egress IP function. [Default: Disabled] - - Disabled: Egress IP function is disabled. - - EnabledPerNamespace: Egress IP function is enabled and can be configured on a per-namespace basis; - per-pod egress annotations are ignored. - - EnabledPerNamespaceOrPerPod: Egress IP function is enabled and can be configured per-namespace or per-pod, - with per-pod egress annotations overriding namespace annotations. - pattern: ^(?i)(Disabled|EnabledPerNamespace|EnabledPerNamespaceOrPerPod)?$ - type: string - egressIPVXLANPort: - description: - "EgressIPVXLANPort is the port number of vxlan tunnel - device for egress traffic. [Default: 4790]" - type: integer - egressIPVXLANVNI: - description: - "EgressIPVXLANVNI is the VNI ID of vxlan tunnel device - for egress traffic. [Default: 4097]" - type: integer - endpointReportingDelay: - description: |- - EndpointReportingDelay is the delay before Felix reports endpoint status to the datastore. This is only used - by the OpenStack integration. 
[Default: 1s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - endpointReportingEnabled: - description: |- - EndpointReportingEnabled controls whether Felix reports endpoint status to the datastore. This is only used - by the OpenStack integration. [Default: false] - type: boolean - endpointStatusPathPrefix: - description: |- - EndpointStatusPathPrefix is the path to the directory where endpoint status will be written. Endpoint status - file reporting is disabled if field is left empty. - - Chosen directory should match the directory used by the CNI plugin for PodStartupDelay. - [Default: /var/run/calico] - type: string - externalNetworkRoutingRulePriority: - description: - "ExternalNetworkRoutingRulePriority controls the priority - value to use for the external network routing rule. [Default: 102]" - type: integer - externalNetworkSupport: - description: |- - ExternalNetworkSupport defines two different support modes for external network function. [Default: Disabled] - - Disabled: External network function is disabled. - - Enabled: External network function is enabled. - pattern: ^(?i)(Disabled|Enabled)?$ - type: string - externalNodesList: - description: |- - ExternalNodesCIDRList is a list of CIDR's of external, non-Calico nodes from which VXLAN/IPIP overlay traffic - will be allowed. By default, external tunneled traffic is blocked to reduce attack surface. - items: - type: string - type: array - failsafeInboundHostPorts: - description: |- - FailsafeInboundHostPorts is a list of ProtoPort struct objects including UDP/TCP/SCTP ports and CIDRs that Felix will - allow incoming traffic to host endpoints on irrespective of the security policy. This is useful to avoid accidentally - cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified, - it defaults to "tcp". If a CIDR is not specified, it will allow traffic from all addresses. To disable all inbound host ports, - use the value "[]". 
The default value allows ssh access, DHCP, BGP, etcd and the Kubernetes API. - [Default: tcp:22, udp:68, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ] - items: - description: - ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. - properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - type: object - type: array - failsafeOutboundHostPorts: - description: |- - FailsafeOutboundHostPorts is a list of PortProto struct objects including UDP/TCP/SCTP ports and CIDRs that Felix - will allow outgoing traffic from host endpoints to irrespective of the security policy. This is useful to avoid accidentally - cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified, it defaults - to "tcp". If a CIDR is not specified, it will allow traffic from all addresses. To disable all outbound host ports, - use the value "[]". The default value opens etcd's standard ports to ensure that Felix does not get cut off from etcd - as well as allowing DHCP, DNS, BGP and the Kubernetes API. - [Default: udp:53, udp:67, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ] - items: - description: - ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. - properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - type: object - type: array - featureDetectOverride: - description: |- - FeatureDetectOverride is used to override feature detection based on auto-detected platform - capabilities. Values are specified in a comma separated list with no spaces, example; - "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". A value of "true" or "false" will - force enable/disable feature, empty or omitted values fall back to auto-detection. 
- pattern: ^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$ - type: string - featureGates: - description: |- - FeatureGates is used to enable or disable tech-preview Calico features. - Values are specified in a comma separated list with no spaces, example; - "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". This is - used to enable features that are not fully production ready. - pattern: ^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$ - type: string - floatingIPs: - description: |- - FloatingIPs configures whether or not Felix will program non-OpenStack floating IP addresses. (OpenStack-derived - floating IPs are always programmed, regardless of this setting.) - enum: - - Enabled - - Disabled - type: string - flowLogsAggregationThresholdBytes: - description: |- - FlowLogsAggregationThresholdBytes is used specify how far behind the external pipeline that reads flow logs can be. Default is 8192 bytes. - This parameter only takes effect when FlowLogsDynamicAggregationEnabled is set to true. - type: integer - flowLogsCollectProcessInfo: - description: - "FlowLogsCollectProcessInfo, if enabled Felix will load - the kprobe BPF programs to collect process info. [Default: false]" - type: boolean - flowLogsCollectProcessPath: - description: |- - When FlowLogsCollectProcessPath and FlowLogsCollectProcessInfo are - both enabled, each flow log will include information about the process - that is sending or receiving the packets in that flow: the - `process_name` field will contain the full path of the process - executable, and the `process_args` field will have the arguments with - which the executable was invoked. Process information will not be - reported for connections which use raw sockets. 
- type: boolean - flowLogsCollectTcpStats: - description: - FlowLogsCollectTcpStats enables flow logs reporting TCP - socket stats - type: boolean - flowLogsCollectorDebugTrace: - description: |- - When FlowLogsCollectorDebugTrace is set to true, enables the logs in the collector to be - printed in their entirety. - type: boolean - flowLogsDestDomainsByClient: - description: |- - FlowLogsDestDomainsByClient is used to configure if the source IP is used in the mapping of top - level destination domains. [Default: true] - type: boolean - flowLogsDynamicAggregationEnabled: - description: - FlowLogsDynamicAggregationEnabled is used to enable/disable - dynamically changing aggregation levels. Default is true. - type: boolean - flowLogsEnableHostEndpoint: - description: - FlowLogsEnableHostEndpoint enables Flow logs reporting - for HostEndpoints. - type: boolean - flowLogsEnableNetworkSets: - description: - FlowLogsEnableNetworkSets enables Flow logs reporting - for GlobalNetworkSets. - type: boolean - flowLogsFileAggregationKindForAllowed: - description: |- - FlowLogsFileAggregationKindForAllowed is used to choose the type of aggregation for flow log entries created for - allowed connections. [Default: 2 - pod prefix name based aggregation]. - Accepted values are 0, 1 and 2. - 0 - No aggregation. - 1 - Source port based aggregation. - 2 - Pod prefix name based aggreagation. - enum: - - 0 - - 1 - - 2 - type: integer - flowLogsFileAggregationKindForDenied: - description: |- - FlowLogsFileAggregationKindForDenied is used to choose the type of aggregation for flow log entries created for - denied connections. [Default: 1 - source port based aggregation]. - Accepted values are 0, 1 and 2. - 0 - No aggregation. - 1 - Source port based aggregation. - 2 - Pod prefix name based aggregation. - 3 - No destination ports based aggregation. 
- enum: - - 0 - - 1 - - 2 - - 3 - type: integer - flowLogsFileDirectory: - description: - FlowLogsFileDirectory sets the directory where flow logs - files are stored. - type: string - flowLogsFileDomainsLimit: - description: |- - FlowLogsFileDomainsLimit is used to configure the number of (destination) domains to include in the flow log. - These are not included for workload or host endpoint destinations. - [Default: 5] - type: integer - flowLogsFileEnabled: - description: - FlowLogsFileEnabled when set to true, enables logging - flow logs to a file. If false no flow logging to file will occur. - type: boolean - flowLogsFileEnabledForAllowed: - description: |- - FlowLogsFileEnabledForAllowed is used to enable/disable flow logs entries created for allowed connections. Default is true. - This parameter only takes effect when FlowLogsFileReporterEnabled is set to true. - type: boolean - flowLogsFileEnabledForDenied: - description: |- - FlowLogsFileEnabledForDenied is used to enable/disable flow logs entries created for denied flows. Default is true. - This parameter only takes effect when FlowLogsFileReporterEnabled is set to true. - type: boolean - flowLogsFileIncludeLabels: - description: - FlowLogsFileIncludeLabels is used to configure if endpoint - labels are included in a Flow log entry written to file. - type: boolean - flowLogsFileIncludePolicies: - description: - FlowLogsFileIncludePolicies is used to configure if policy - information are included in a Flow log entry written to file. - type: boolean - flowLogsFileIncludeService: - description: |- - FlowLogsFileIncludeService is used to configure if the destination service is included in a Flow log entry written to file. - The service information can only be included if the flow was explicitly determined to be directed at the service (e.g. - when the pre-DNAT destination corresponds to the service ClusterIP and port). 
- type: boolean - flowLogsFileMaxFileSizeMB: - description: - FlowLogsFileMaxFileSizeMB sets the max size in MB of - flow logs files before rotation. - type: integer - flowLogsFileMaxFiles: - description: - FlowLogsFileMaxFiles sets the number of log files to - keep. - type: integer - flowLogsFileNatOutgoingPortLimit: - description: |- - FlowLogsFileNatOutgoingPortLimit is used to specify the maximum number of distinct post SNAT ports that will appear - in the flowLogs. Default value is 3 - type: integer - flowLogsFilePerFlowProcessArgsLimit: - description: |- - FlowLogsFilePerFlowProcessArgsLimit is used to specify the maximum number of distinct process args that will appear in the flowLogs. - Default value is 5 - type: integer - flowLogsFilePerFlowProcessLimit: - description: |- - FlowLogsFilePerFlowProcessLimit, is used to specify the maximum number of flow log entries with distinct process information - beyond which process information will be aggregated. [Default: 2] - type: integer - flowLogsFlushInterval: - description: - FlowLogsFlushInterval configures the interval at which - Felix exports flow logs. - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - flowLogsGoldmaneServer: - description: - FlowLogGoldmaneServer is the flow server endpoint to - which flow data should be published. - type: string - flowLogsLocalReporter: - description: - "FlowLogsLocalReporter configures local unix socket for - reporting flow data from each node. [Default: Disabled]" - enum: - - Disabled - - Enabled - type: string - flowLogsMaxOriginalIPsIncluded: - description: - FlowLogsMaxOriginalIPsIncluded specifies the number of - unique IP addresses (if relevant) that should be included in Flow - logs. - type: integer - flowLogsPolicyEvaluationMode: - description: |- - FlowLogsPolicyEvaluationMode defines how policies are evaluated and reflected in flow logs. 
- OnNewConnection - In this mode, staged policies are only evaluated when new connections are - made in the dataplane. Staged/active policy changes will not be reflected in the - `pending_policies` field of flow logs for long lived connections. - Continuous - Felix evaluates active flows on a regular basis to determine the rule - traces in the flow logs. Any policy updates that impact a flow will be reflected in the - pending_policies field, offering a near-real-time view of policy changes across flows. - [Default: Continuous] - type: string - flowLogsPolicyScope: - description: |- - FlowLogsPolicyScope controls which policies are included in flow logs. - AllPolicies - Processes both transit policies for the local node and - endpoint policies derived from packet source/destination IPs. Provides comprehensive - visibility into all policy evaluations but increases log volume. - EndpointPolicies - Processes only policies for endpoints identified as the source - or destination of the packet (whether workload or host endpoints). - [Default: EndpointPolicies] - type: string - flowLogsPositionFilePath: - description: |- - FlowLogsPositionFilePath is used specify the position of the external pipeline that reads flow logs. Default is /var/log/calico/flows.log.pos. - This parameter only takes effect when FlowLogsDynamicAggregationEnabled is set to true. - type: string - genericXDPEnabled: - description: |- - GenericXDPEnabled enables Generic XDP so network cards that don't support XDP offload or driver - modes can use XDP. This is not recommended since it doesn't provide better performance than - iptables. [Default: false] - type: boolean - goGCThreshold: - description: |- - GoGCThreshold Sets the Go runtime's garbage collection threshold. I.e. the percentage that the heap is - allowed to grow before garbage collection is triggered. In general, doubling the value halves the CPU time - spent doing GC, but it also doubles peak GC memory overhead. 
A special value of -1 can be used - to disable GC entirely; this should only be used in conjunction with the GoMemoryLimitMB setting. - - This setting is overridden by the GOGC environment variable. - - [Default: 40] - type: integer - goMaxProcs: - description: |- - GoMaxProcs sets the maximum number of CPUs that the Go runtime will use concurrently. A value of -1 means - "use the system default"; typically the number of real CPUs on the system. - - this setting is overridden by the GOMAXPROCS environment variable. - - [Default: -1] - type: integer - goMemoryLimitMB: - description: |- - GoMemoryLimitMB sets a (soft) memory limit for the Go runtime in MB. The Go runtime will try to keep its memory - usage under the limit by triggering GC as needed. To avoid thrashing, it will exceed the limit if GC starts to - take more than 50% of the process's CPU time. A value of -1 disables the memory limit. - - Note that the memory limit, if used, must be considerably less than any hard resource limit set at the container - or pod level. This is because felix is not the only process that must run in the container or pod. - - This setting is overridden by the GOMEMLIMIT environment variable. - - [Default: -1] - type: integer - healthEnabled: - description: |- - HealthEnabled if set to true, enables Felix's health port, which provides readiness and liveness endpoints. - [Default: false] - type: boolean - healthHost: - description: - "HealthHost is the host that the health server should - bind to. [Default: localhost]" - type: string - healthPort: - description: - "HealthPort is the TCP port that the health server should - bind to. [Default: 9099]" - type: integer - healthTimeoutOverrides: - description: |- - HealthTimeoutOverrides allows the internal watchdog timeouts of individual subcomponents to be - overridden. This is useful for working around "false positive" liveness timeouts that can occur - in particularly stressful workloads or if CPU is constrained. 
For a list of active - subcomponents, see Felix's logs. - items: - properties: - name: - type: string - timeout: - type: string - required: - - name - - timeout - type: object - type: array - interfaceExclude: - description: |- - InterfaceExclude A comma-separated list of interface names that should be excluded when Felix is resolving - host endpoints. The default value ensures that Felix ignores Kubernetes' internal `kube-ipvs0` device. If you - want to exclude multiple interface names using a single value, the list supports regular expressions. For - regular expressions you must wrap the value with `/`. For example having values `/^kube/,veth1` will exclude - all interfaces that begin with `kube` and also the interface `veth1`. [Default: kube-ipvs0] - type: string - interfacePrefix: - description: |- - InterfacePrefix is the interface name prefix that identifies workload endpoints and so distinguishes - them from host endpoint interfaces. Note: in environments other than bare metal, the orchestrators - configure this appropriately. For example our Kubernetes and Docker integrations set the 'cali' value, - and our OpenStack integration sets the 'tap' value. [Default: cali] - type: string - interfaceRefreshInterval: - description: |- - InterfaceRefreshInterval is the period at which Felix rescans local interfaces to verify their state. - The rescan can be disabled by setting the interval to 0. - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - ipForwarding: - description: |- - IPForwarding controls whether Felix sets the host sysctls to enable IP forwarding. IP forwarding is required - when using Calico for workload networking. This should be disabled only on hosts where Calico is used solely for - host protection. In BPF mode, due to a kernel interaction, either IPForwarding must be enabled or BPFEnforceRPF - must be disabled. 
[Default: Enabled] - enum: - - Enabled - - Disabled - type: string - ipipEnabled: - description: |- - IPIPEnabled overrides whether Felix should configure an IPIP interface on the host. Optional as Felix - determines this based on the existing IP pools. [Default: nil (unset)] - type: boolean - ipipMTU: - description: |- - IPIPMTU controls the MTU to set on the IPIP tunnel device. Optional as Felix auto-detects the MTU based on the - MTU of the host's interfaces. [Default: 0 (auto-detect)] - type: integer - ipsecAllowUnsecuredTraffic: - description: |- - IPSecAllowUnsecuredTraffic controls whether non-IPsec traffic is allowed in addition to IPsec traffic. Enabling this - negates the anti-spoofing protections of IPsec but it is useful when migrating to/from IPsec. [Default: false] - type: boolean - ipsecESPAlgorithm: - description: - "IPSecESAlgorithm sets IPSec ESP algorithm. Default is - NIST suite B recommendation. [Default: aes128gcm16-ecp256]" - type: string - ipsecIKEAlgorithm: - description: - "IPSecIKEAlgorithm sets IPSec IKE algorithm. Default - is NIST suite B recommendation. [Default: aes128gcm16-prfsha256-ecp256]" - type: string - ipsecLogLevel: - description: |- - IPSecLogLevel controls log level for IPSec components. Set to None for no logging. - A generic log level terminology is used [None, Notice, Info, Debug, Verbose]. - [Default: Info] - pattern: ^(?i)(None|Notice|Info|Debug|Verbose)?$ - type: string - ipsecMode: - description: |- - IPSecMode controls which mode IPSec is operating on. - Default value means IPSec is not enabled. [Default: ""] - type: string - ipsecPolicyRefreshInterval: - description: |- - IPSecPolicyRefreshInterval is the interval at which Felix will check the kernel's IPsec policy tables and - repair any inconsistencies. 
[Default: 600s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - ipsetsRefreshInterval: - description: |- - IpsetsRefreshInterval controls the period at which Felix re-checks all IP sets to look for discrepancies. - Set to 0 to disable the periodic refresh. [Default: 90s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - iptablesBackend: - description: |- - IptablesBackend controls which backend of iptables will be used. The default is `Auto`. - - Warning: changing this on a running system can leave "orphaned" rules in the "other" backend. These - should be cleaned up to avoid confusing interactions. - enum: - - Legacy - - NFT - - Auto - pattern: ^(?i)(Auto|Legacy|NFT)?$ - type: string - iptablesFilterAllowAction: - description: |- - IptablesFilterAllowAction controls what happens to traffic that is accepted by a Felix policy chain in the - iptables filter table (which is used for "normal" policy). The default will immediately `Accept` the traffic. Use - `Return` to send the traffic back up to the system chains for further processing. - pattern: ^(?i)(Accept|Return)?$ - type: string - iptablesFilterDenyAction: - description: |- - IptablesFilterDenyAction controls what happens to traffic that is denied by network policy. By default Calico blocks traffic - with an iptables "DROP" action. If you want to use "REJECT" action instead you can configure it in here. - pattern: ^(?i)(Drop|Reject)?$ - type: string - iptablesLockProbeInterval: - description: |- - IptablesLockProbeInterval configures the interval between attempts to claim - the xtables lock. Shorter intervals are more responsive but use more CPU. [Default: 50ms] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - iptablesMangleAllowAction: - description: |- - IptablesMangleAllowAction controls what happens to traffic that is accepted by a Felix policy chain in the - iptables mangle table (which is used for "pre-DNAT" policy). The default will immediately `Accept` the traffic. 
- Use `Return` to send the traffic back up to the system chains for further processing. - pattern: ^(?i)(Accept|Return)?$ - type: string - iptablesMarkMask: - description: |- - IptablesMarkMask is the mask that Felix selects its IPTables Mark bits from. Should be a 32 bit hexadecimal - number with at least 8 bits set, none of which clash with any other mark bits in use on the system. - [Default: 0xffff0000] - format: int32 - type: integer - iptablesNATOutgoingInterfaceFilter: - description: |- - This parameter can be used to limit the host interfaces on which Calico will apply SNAT to traffic leaving a - Calico IPAM pool with "NAT outgoing" enabled. This can be useful if you have a main data interface, where - traffic should be SNATted and a secondary device (such as the docker bridge) which is local to the host and - doesn't require SNAT. This parameter uses the iptables interface matching syntax, which allows + as a - wildcard. Most users will not need to set this. Example: if your data interfaces are eth0 and eth1 and you - want to exclude the docker bridge, you could set this to eth+ - type: string - iptablesPostWriteCheckInterval: - description: |- - IptablesPostWriteCheckInterval is the period after Felix has done a write - to the dataplane that it schedules an extra read back in order to check the write was not - clobbered by another process. This should only occur if another application on the system - doesn't respect the iptables lock. [Default: 1s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - iptablesRefreshInterval: - description: |- - IptablesRefreshInterval is the period at which Felix re-checks the IP sets - in the dataplane to ensure that no other process has accidentally broken Calico's rules. - Set to 0 to disable IP sets refresh. Note: the default for this value is lower than the - other refresh intervals as a workaround for a Linux kernel bug that was fixed in kernel - version 4.11. 
If you are using v4.11 or greater you may want to set this to, a higher value - to reduce Felix CPU usage. [Default: 10s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - ipv6Support: - description: - IPv6Support controls whether Felix enables support for - IPv6 (if supported by the in-use dataplane). - type: boolean - istioAmbientMode: - description: |- - IstioAmbientMode configures Felix to work together with Tigera's Istio distribution. - [Default: Disabled] - enum: - - Enabled - - Disabled - type: string - istioDSCPMark: - description: |- - IstioDSCPMark sets the value to use when directing traffic to Istio ZTunnel, when Istio is enabled. The mark is set only on - SYN packets at the final hop to avoid interference with other protocols. This value is reserved by Calico and must not be used - with other Istio installation. [Default: 23] - pattern: ^.* - type: integer - x-kubernetes-int-or-string: true - kubeMasqueradeBit: - description: |- - KubeMasqueradeBit should be set to the same value as --iptables-masquerade-bit of kube-proxy - when TPROXY is used. The default is the same as kube-proxy default thus only needs a change - if kube-proxy is using a non-standard setting. Must be within the range of 0-31. [Default: 14] - type: integer - kubeNodePortRanges: - description: |- - KubeNodePortRanges holds list of port ranges used for service node ports. Only used if felix detects kube-proxy running in ipvs mode. - Felix uses these ranges to separate host and workload traffic. [Default: 30000:32767]. - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - l7LogsFileAggregationDestinationInfo: - description: |- - L7LogsFileAggregationDestinationInfo is used to choose the type of aggregation for the destination metadata on L7 log entries. - [Default: IncludeL7DestinationInfo - include destination metadata]. - Accepted values are IncludeL7DestinationInfo and ExcludeL7DestinationInfo. 
- IncludeL7DestinationInfo - Include destination metadata in the logs. - ExcludeL7DestinationInfo - Aggregate over all other fields ignoring the destination aggregated name, namespace, and type. - pattern: ^(?i)(IncludeL7DestinationInfo|ExcludeL7DestinationInfo)?$ - type: string - l7LogsFileAggregationHTTPHeaderInfo: - description: |- - L7LogsFileAggregationHTTPHeaderInfo is used to choose the type of aggregation for HTTP header data on L7 log entries. - [Default: ExcludeL7HTTPHeaderInfo - http header info removal]. - Accepted values are IncludeL7HTTPHeaderInfo and ExcludeL7HTTPHeaderInfo. - IncludeL7HTTPHeaderInfo - Include HTTP header data in the logs. - ExcludeL7HTTPHeaderInfo - Aggregate over all other fields ignoring the user agent and log type. - pattern: ^(?i)(IncludeL7HTTPHeaderInfo|ExcludeL7HTTPHeaderInfo)?$ - type: string - l7LogsFileAggregationHTTPMethod: - description: |- - L7LogsFileAggregationHTTPMethod is used to choose the type of aggregation for the HTTP request method on L7 log entries. - [Default: IncludeL7HTTPMethod - include the HTTP method]. - Accepted values are IncludeL7HTTPMethod and ExcludeL7HTTPMethod. - IncludeL7HTTPMethod - Include HTTP method in the logs. - ExcludeL7HTTPMethod - Aggregate over all other fields ignoring the HTTP method. - pattern: ^(?i)(IncludeL7HTTPMethod|ExcludeL7HTTPMethod)?$ - type: string - l7LogsFileAggregationNumURLPath: - description: |- - L7LogsFileAggregationNumURLPath is used to choose the number of components in the url path to display. - This allows for the url to be truncated in case parts of the path provide no value. Setting this value - to negative will allow all parts of the path to be displayed. - [Default: 5]. - type: integer - l7LogsFileAggregationResponseCode: - description: |- - L7LogsFileAggregationResponseCode is used to choose the type of aggregation for the response code on L7 log entries. - [Default: IncludeL7ResponseCode - include the response code]. 
- Accepted values are IncludeL7ResponseCode and ExcludeL7ResponseCode. - IncludeL7ResponseCode - Include the response code in the logs. - ExcludeL7ResponseCode - Aggregate over all other fields ignoring the response code. - pattern: ^(?i)(IncludeL7ResponseCode|ExcludeL7ResponseCode)?$ - type: string - l7LogsFileAggregationServiceInfo: - description: |- - L7LogsFileAggregationServiceInfo is used to choose the type of aggregation for the service data on L7 log entries. - [Default: IncludeL7ServiceInfo - include service data]. - Accepted values are IncludeL7ServiceInfo and ExcludeL7ServiceInfo. - IncludeL7ServiceInfo - Include service data in the logs. - ExcludeL7ServiceInfo - Aggregate over all other fields ignoring the service name, namespace, and port. - pattern: ^(?i)(IncludeL7ServiceInfo|ExcludeL7ServiceInfo)?$ - type: string - l7LogsFileAggregationSourceInfo: - description: |- - L7LogsFileAggregationExcludeSourceInfo is used to choose the type of aggregation for the source metadata on L7 log entries. - [Default: IncludeL7SourceInfoNoPort - include all source metadata except for the source port]. - Accepted values are IncludeL7SourceInfo, IncludeL7SourceInfoNoPort, and ExcludeL7SourceInfo. - IncludeL7SourceInfo - Include source metadata in the logs. - IncludeL7SourceInfoNoPort - Include source metadata in the logs excluding the source port. - ExcludeL7SourceInfo - Aggregate over all other fields ignoring the source aggregated name, namespace, and type. - pattern: ^(?i)(IncludeL7SourceInfo|IncludeL7SourceInfoNoPort|ExcludeL7SourceInfo)?$ - type: string - l7LogsFileAggregationTrimURL: - description: |- - L7LogsFileAggregationTrimURL is used to choose the type of aggregation for the url on L7 log entries. - [Default: IncludeL7FullURL - include the full URL up to however many path components are allowed by L7LogsFileAggregationNumURLPath]. 
- Accepted values: - IncludeL7FullURL - Include the full URL up to however many path components are allowed by L7LogsFileAggregationNumURLPath. - TrimURLQuery - Aggregate over all other fields ignoring the query parameters on the URL. - TrimURLQueryAndPath - Aggregate over all other fields and the base URL only. - ExcludeL7URL - Aggregate over all other fields ignoring the URL entirely. - pattern: ^(?i)(IncludeL7FullURL|TrimURLQuery|TrimURLQueryAndPath|ExcludeL7URL)?$ - type: string - l7LogsFileAggregationURLCharLimit: - description: |- - Limit on the length of the URL collected in L7 logs. When a URL length reaches this limit - it is sliced off, and the sliced URL is sent to log storage. [Default: 250] - type: integer - l7LogsFileDirectory: - description: |- - L7LogsFileDirectory sets the directory where L7 log files are stored. - [Default: /var/log/calico/l7logs] - type: string - l7LogsFileEnabled: - description: |- - L7LogsFileEnabled controls logging L7 logs to a file. If false no L7 logging to file will occur. - [Default: true] - type: boolean - l7LogsFileMaxFileSizeMB: - description: |- - L7LogsFileMaxFileSizeMB sets the max size in MB of L7 log files before rotation. - [Default: 100] - type: integer - l7LogsFileMaxFiles: - description: |- - L7LogsFileMaxFiles sets the number of L7 log files to keep. - [Default: 5] - type: integer - l7LogsFilePerNodeLimit: - description: |- - Limit on the number of L7 logs that can be emitted within each flush interval. When - this limit has been reached, Felix counts the number of unloggable L7 responses within - the flush interval, and emits a WARNING log with that count at the same time as it - flushes the buffered L7 logs. A value of 0 means no limit. [Default: 1500] - type: integer - l7LogsFlushInterval: - description: |- - L7LogsFlushInterval configures the interval at which Felix exports L7 logs. 
- [Default: 300s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - logActionRateLimit: - description: |- - LogActionRateLimit sets the rate of hitting a Log action. The value must be in the format "N/unit", - where N is a number and unit is one of: second, minute, hour, or day. For example: "10/second" or "100/hour". - pattern: ^[1-9]\d{0,3}/(?:second|minute|hour|day)$ - type: string - logActionRateLimitBurst: - description: - LogActionRateLimitBurst sets the rate limit burst of - hitting a Log action when LogActionRateLimit is enabled. - maximum: 9999 - minimum: 0 - type: integer - logDebugFilenameRegex: - description: |- - LogDebugFilenameRegex controls which source code files have their Debug log output included in the logs. - Only logs from files with names that match the given regular expression are included. The filter only applies - to Debug level logs. - type: string - logDropActionOverride: - description: - LogDropActionOverride specifies whether or not to include - the DropActionOverride in the logs when it is triggered. - type: boolean - logFilePath: - description: - "LogFilePath is the full path to the Felix log. Set to - none to disable file logging. [Default: /var/log/calico/felix.log]" - type: string - logPrefix: - description: |- - LogPrefix is the log prefix that Felix uses when rendering LOG rules. It is possible to use the following specifiers - to include extra information in the log prefix. - - %t: Tier name. - - %k: Kind (short names). - - %n: Policy or profile name. - - %p: Policy or profile name (namespace/name for namespaced kinds or just name for non namespaced kinds). - Calico includes ": " characters at the end of the generated log prefix. - Note that iptables shows up to 29 characters for the log prefix and nftables up to 127 characters. Extra characters are truncated. 
- [Default: calico-packet] - pattern: "^([a-zA-Z0-9%: /_-])*$" - type: string - logSeverityFile: - description: - "LogSeverityFile is the log severity above which logs - are sent to the log file. [Default: Info]" - pattern: ^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$ - type: string - logSeverityScreen: - description: - "LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]" - pattern: ^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$ - type: string - logSeveritySys: - description: |- - LogSeveritySys is the log severity above which logs are sent to the syslog. Set to None for no logging to syslog. - [Default: Info] - pattern: ^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$ - type: string - maxIpsetSize: - description: |- - MaxIpsetSize is the maximum number of IP addresses that can be stored in an IP set. Not applicable - if using the nftables backend. - type: integer - metadataAddr: - description: |- - MetadataAddr is the IP address or domain name of the server that can answer VM queries for - cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in - Ubuntu, nova-api-metadata). A value of none (case-insensitive) means that Felix should not - set up any NAT rule for the metadata path. [Default: 127.0.0.1] - type: string - metadataPort: - description: |- - MetadataPort is the port of the metadata server. This, combined with global.MetadataAddr (if - not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. - In most cases this should not need to be changed [Default: 8775]. - type: integer - mtuIfacePattern: - description: |- - MTUIfacePattern is a regular expression that controls which interfaces Felix should scan in order - to calculate the host's MTU. - This should not match workload interfaces (usually named cali...). 
- type: string - natOutgoingAddress: - description: |- - NATOutgoingAddress specifies an address to use when performing source NAT for traffic in a natOutgoing pool that - is leaving the network. By default the address used is an address on the interface the traffic is leaving on - (i.e. it uses the iptables MASQUERADE target). - type: string - natOutgoingExclusions: - description: |- - When a IP pool setting `natOutgoing` is true, packets sent from Calico networked containers in this IP pool to destinations will be masqueraded. - Configure which type of destinations is excluded from being masqueraded. - - IPPoolsOnly: destinations outside of this IP pool will be masqueraded. - - IPPoolsAndHostIPs: destinations outside of this IP pool and all hosts will be masqueraded. - [Default: IPPoolsOnly] - enum: - - IPPoolsOnly - - IPPoolsAndHostIPs - type: string - natPortRange: - anyOf: - - type: integer - - type: string - description: |- - NATPortRange specifies the range of ports that is used for port mapping when doing outgoing NAT. When unset the default behavior of the - network stack is used. - pattern: ^.* - x-kubernetes-int-or-string: true - netlinkTimeout: - description: |- - NetlinkTimeout is the timeout when talking to the kernel over the netlink protocol, used for programming - routes, rules, and other kernel objects. [Default: 10s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - nfNetlinkBufSize: - description: |- - NfNetlinkBufSize controls the size of NFLOG messages that the kernel will try to send to Felix. NFLOG messages - are used to report flow verdicts from the kernel. Warning: currently increasing the value may cause errors - due to a bug in the netlink library. - type: string - nftablesDNSPolicyMode: - description: |- - NFTablesDNSPolicyMode specifies how DNS policy programming will be handled for NFTables. 
- DelayDeniedPacket - Felix delays any denied packet that traversed a policy that included egress domain matches, - but did not match. The packet is released after a fixed time, or after the destination IP address was programmed. - DelayDNSResponse - Felix delays any DNS response until related IPSets are programmed. This introduces some - latency to all DNS packets (even when no IPSet programming is required), but it ensures policy hit statistics - are accurate. This is the recommended setting when you are making use of staged policies or policy rule hit - statistics. - NoDelay - Felix does not introduce any delay to the packets. DNS rules may not have been programmed by the time - the first packet traverses the policy rules. Client applications need to handle reconnection attempts if initial - connection attempts fail. This may be problematic for some applications or for very low DNS TTLs. - [Default: DelayDeniedPacket] - enum: - - NoDelay - - DelayDeniedPacket - - DelayDNSResponse - type: string - nftablesFilterAllowAction: - description: |- - NftablesFilterAllowAction controls the nftables action that Felix uses to represent the "allow" policy verdict - in the filter table. The default is to `ACCEPT` the traffic, which is a terminal action. Alternatively, - `RETURN` can be used to return the traffic back to the top-level chain for further processing by your rules. - pattern: ^(?i)(Accept|Return)?$ - type: string - nftablesFilterDenyAction: - description: |- - NftablesFilterDenyAction controls what happens to traffic that is denied by network policy. By default, Calico - blocks traffic with a "drop" action. If you want to use a "reject" action instead you can configure it here. - pattern: ^(?i)(Drop|Reject)?$ - type: string - nftablesMangleAllowAction: - description: |- - NftablesMangleAllowAction controls the nftables action that Felix uses to represent the "allow" policy verdict - in the mangle table. 
The default is to `ACCEPT` the traffic, which is a terminal action. Alternatively, - `RETURN` can be used to return the traffic back to the top-level chain for further processing by your rules. - pattern: ^(?i)(Accept|Return)?$ - type: string - nftablesMarkMask: - description: |- - NftablesMarkMask is the mask that Felix selects its nftables Mark bits from. Should be a 32 bit hexadecimal - number with at least 8 bits set, none of which clash with any other mark bits in use on the system. - [Default: 0xffff0000] - format: int32 - type: integer - nftablesMode: - default: Auto - description: - "NFTablesMode configures nftables support in Felix. [Default: - Auto]" - enum: - - Disabled - - Enabled - - Auto - type: string - nftablesRefreshInterval: - description: - "NftablesRefreshInterval controls the interval at which - Felix periodically refreshes the nftables rules. [Default: 90s]" - type: string - openstackRegion: - description: |- - OpenstackRegion is the name of the region that a particular Felix belongs to. In a multi-region - Calico/OpenStack deployment, this must be configured somehow for each Felix (here in the datamodel, - or in felix.cfg or the environment on each compute node), and must match the [calico] - openstack_region value configured in neutron.conf on each node. [Default: Empty] - type: string - policyActivityLogsFileDirectory: - description: |- - PolicyActivityLogsFileDirectory sets the directory where policy activity log files are stored. - [Default: /var/log/calico/policy] - type: string - policyActivityLogsFileEnabled: - description: |- - PolicyActivityLogsFileEnabled controls logging policy activity logs to a file. If false no policy activity logging to file will occur. - [Default: true] - type: boolean - policyActivityLogsFileMaxFileSizeMB: - description: |- - PolicyActivityLogsFileMaxFileSizeMB sets the max size in MB of policy activity log files before rotation. 
- [Default: 100] - type: integer - policyActivityLogsFileMaxFiles: - description: |- - PolicyActivityLogsFileMaxFiles sets the number of policy activity log files to keep. - [Default: 5] - type: integer - policyActivityLogsFlushInterval: - description: |- - PolicyActivityLogsFlushInterval configures the interval at which Felix exports policy activity logs. - [Default: 15s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - policySyncPathPrefix: - description: |- - PolicySyncPathPrefix is used to by Felix to communicate policy changes to external services, - like Application layer policy. [Default: Empty] - type: string - programClusterRoutes: - description: |- - ProgramClusterRoutes specifies whether Felix should program IPIP routes instead of BIRD. - Felix always programs VXLAN routes. [Default: Disabled] - enum: - - Enabled - - Disabled - type: string - prometheusGoMetricsEnabled: - description: |- - PrometheusGoMetricsEnabled disables Go runtime metrics collection, which the Prometheus client does by default, when - set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true] - type: boolean - prometheusMetricsCAFile: - description: |- - PrometheusMetricsCAFile defines the absolute path to the TLS CA certificate file used for securing the /metrics endpoint. - This certificate must be valid and accessible by the calico-node process. - type: string - prometheusMetricsCertFile: - description: |- - PrometheusMetricsCertFile defines the absolute path to the TLS certificate file used for securing the /metrics endpoint. - This certificate must be valid and accessible by the calico-node process. - type: string - prometheusMetricsClientAuth: - description: |- - PrometheusMetricsClientAuth specifies the client authentication type for the /metrics endpoint. - This determines how the server validates client certificates. Default is "RequireAndVerifyClientCert". 
- type: string - prometheusMetricsEnabled: - description: - "PrometheusMetricsEnabled enables the Prometheus metrics - server in Felix if set to true. [Default: false]" - type: boolean - prometheusMetricsHost: - description: - "PrometheusMetricsHost is the host that the Prometheus - metrics server should bind to. [Default: empty]" - type: string - prometheusMetricsKeyFile: - description: |- - PrometheusMetricsKeyFile defines the absolute path to the private key file corresponding to the TLS certificate - used for securing the /metrics endpoint. The private key must be valid and accessible by the calico-node process. - type: string - prometheusMetricsPort: - description: - "PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. [Default: 9091]" - type: integer - prometheusProcessMetricsEnabled: - description: |- - PrometheusProcessMetricsEnabled disables process metrics collection, which the Prometheus client does by default, when - set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true] - type: boolean - prometheusReporterCAFile: - description: - PrometheusReporterCAFile is the path to the TLS CA file - for the Prometheus per-flow metrics reporter. - type: string - prometheusReporterCertFile: - description: - PrometheusReporterCertFile is the path to the TLS certificate - file for the Prometheus per-flow metrics reporter. - type: string - prometheusReporterEnabled: - description: |- - PrometheusReporterEnabled controls whether the Prometheus per-flow metrics reporter is enabled. This is - used to show real-time flow metrics in the UI. - type: boolean - prometheusReporterKeyFile: - description: - PrometheusReporterKeyFile is the path to the TLS private - key file for the Prometheus per-flow metrics reporter. - type: string - prometheusReporterPort: - description: - PrometheusReporterPort is the port that the Prometheus - per-flow metrics reporter should bind to. 
- type: integer - prometheusWireGuardMetricsEnabled: - description: |- - PrometheusWireGuardMetricsEnabled disables wireguard metrics collection, which the Prometheus client does by default, when - set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true] - type: boolean - removeExternalRoutes: - description: |- - RemoveExternalRoutes Controls whether Felix will remove unexpected routes to workload interfaces. Felix will - always clean up expected routes that use the configured DeviceRouteProtocol. To add your own routes, you must - use a distinct protocol (in addition to setting this field to false). - type: boolean - reportingInterval: - description: |- - ReportingInterval is the interval at which Felix reports its status into the datastore or 0 to disable. - Must be non-zero in OpenStack deployments. [Default: 30s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - reportingTTL: - description: - "ReportingTTL is the time-to-live setting for process-wide - status reports. [Default: 90s]" - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - requireMTUFile: - description: |- - RequireMTUFile specifies whether mtu file is required to start the felix. - Optional as to keep the same as previous behavior. [Default: false] - type: boolean - routeRefreshInterval: - description: |- - RouteRefreshInterval is the period at which Felix re-checks the routes - in the dataplane to ensure that no other process has accidentally broken Calico's rules. - Set to 0 to disable route refresh. [Default: 90s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - routeSource: - description: |- - RouteSource configures where Felix gets its routing information. - - WorkloadIPs: use workload endpoints to construct routes. - - CalicoIPAM: the default - use IPAM data to construct routes. 
- pattern: ^(?i)(WorkloadIPs|CalicoIPAM)?$ - type: string - routeSyncDisabled: - description: |- - RouteSyncDisabled will disable all operations performed on the route table. Set to true to - run in network-policy mode only. - type: boolean - routeTableRange: - description: |- - Deprecated in favor of RouteTableRanges. - Calico programs additional Linux route tables for various purposes. - RouteTableRange specifies the indices of the route tables that Calico should use. - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - routeTableRanges: - description: |- - Calico programs additional Linux route tables for various purposes. - RouteTableRanges specifies a set of table index ranges that Calico should use. - Deprecates`RouteTableRange`, overrides `RouteTableRange`. - items: - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - type: array - serviceLoopPrevention: - description: |- - When service IP advertisement is enabled, prevent routing loops to service IPs that are - not in use, by dropping or rejecting packets that do not get DNAT'd by kube-proxy. - Unless set to "Disabled", in which case such routing loops continue to be allowed. - [Default: Drop] - pattern: ^(?i)(Drop|Reject|Disabled)?$ - type: string - sidecarAccelerationEnabled: - description: - "SidecarAccelerationEnabled enables experimental sidecar - acceleration [Default: false]" - type: boolean - statsDumpFilePath: - description: - StatsDumpFilePath is the path to write a diagnostic flow - logs statistics dump to when triggered by signal. - type: string - syslogReporterAddress: - description: |- - SyslogReporterAddress is the address to dial to when writing to Syslog. For TCP and UDP networks, the address has - the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. - The port must be a literal port number or a service name. 
For more, see: https://pkg.go.dev/net#Dial - type: string - syslogReporterEnabled: - description: |- - SyslogReporterEnabled turns on the feature to write logs to Syslog. Please note that this can incur significant - disk space usage when running felix on non-cluster hosts. - type: boolean - syslogReporterNetwork: - description: |- - SyslogReporterNetwork is the network to dial to when writing to Syslog. Known networks are "tcp", "tcp4" - (IPv4-only), "tcp6" (IPv6-only), "udp", "udp4" (IPv4-only), "udp6" (IPv6-only), "ip", "ip4" (IPv4-only), "ip6" - (IPv6-only), "unix", "unixgram" and "unixpacket". For more, see: https://pkg.go.dev/net#Dial - type: string - tproxyMode: - description: |- - TPROXYMode sets whether traffic is directed through a transparent proxy - for further processing or not and how is the proxying done. - [Default: Disabled] - pattern: ^(?i)(Disabled|Enabled|EnabledAllServices)?$ - type: string - tproxyPort: - description: |- - TPROXYPort sets to which port proxied traffic should be redirected. - [Default: 16001] - type: integer - tproxyUpstreamConnMark: - description: |- - TPROXYUpstreamConnMark tells Felix which mark is used by the proxy for its upstream - connections so that Felix can program the dataplane correctly. [Default: 0x17] - format: int32 - type: integer - usageReportingEnabled: - description: - UsageReportingEnabled is unused in Calico Enterprise, - usage reporting is permanently disabled. - type: boolean - usageReportingInitialDelay: - description: - "UsageReportingInitialDelay is unused in Calico Enterprise, - usage reporting is permanently disabled. [Default: 300s]" - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - usageReportingInterval: - description: - "UsageReportingInterval is unused in Calico Enterprise, - usage reporting is permanently disabled. 
[Default: 86400s]" - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - useInternalDataplaneDriver: - description: |- - UseInternalDataplaneDriver, if true, Felix will use its internal dataplane programming logic. If false, it - will launch an external dataplane driver and communicate with it over protobuf. - type: boolean - vxlanEnabled: - description: |- - VXLANEnabled overrides whether Felix should create the VXLAN tunnel device for IPv4 VXLAN networking. - Optional as Felix determines this based on the existing IP pools. [Default: nil (unset)] - type: boolean - vxlanMTU: - description: |- - VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the - MTU of the host's interfaces. [Default: 0 (auto-detect)] - type: integer - vxlanMTUV6: - description: |- - VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the - MTU of the host's interfaces. [Default: 0 (auto-detect)] - type: integer - vxlanPort: - description: - "VXLANPort is the UDP port number to use for VXLAN traffic. - [Default: 4789]" - type: integer - vxlanVNI: - description: |- - VXLANVNI is the VXLAN VNI to use for VXLAN traffic. You may need to change this if the default value is - in use on your system. [Default: 4096] - type: integer - wafEventLogsFileDirectory: - description: |- - WAFEventLogsFileDirectory sets the directory where WAFEvent log files are stored. - [Default: /var/log/calico/waf] - type: string - wafEventLogsFileEnabled: - description: |- - WAFEventLogsFileEnabled controls logging WAFEvent logs to a file. If false no WAFEvent logging to file will occur. - [Default: false] - type: boolean - wafEventLogsFileMaxFileSizeMB: - description: |- - WAFEventLogsFileMaxFileSizeMB sets the max size in MB of WAFEvent log files before rotation. 
- [Default: 100] - type: integer - wafEventLogsFileMaxFiles: - description: |- - WAFEventLogsFileMaxFiles sets the number of WAFEvent log files to keep. - [Default: 5] - type: integer - wafEventLogsFlushInterval: - description: |- - WAFEventLogsFlushInterval configures the interval at which Felix exports WAFEvent logs. - [Default: 15s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - windowsDnsCacheFile: - description: |- - The name of the file that Felix uses to preserve learnt DNS information when restarting. [Default: - "c:\\TigeraCalico\\felix-dns-cache.txt"]. - type: string - windowsDnsExtraTTL: - description: |- - Extra time to keep IPs and alias names that are learnt from DNS, in addition to each name - or IP's advertised TTL. The default value is 120s which is same as the default value of - ServicePointManager.DnsRefreshTimeout on .net framework. [Default: 120s]. - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - windowsFlowLogsFileDirectory: - description: - 'WindowsFlowLogsFileDirectory sets the directory where - flow logs files are stored on Windows nodes. [Default: "c:\\TigeraCalico\\flowlogs"].' - type: string - windowsFlowLogsPositionFilePath: - description: |- - WindowsFlowLogsPositionFilePath is used to specify the position of the external pipeline that reads flow logs on Windows nodes. - [Default: "c:\\TigeraCalico\\flowlogs\\flows.log.pos"]. - This parameter only takes effect when FlowLogsDynamicAggregationEnabled is set to true. - type: string - windowsManageFirewallRules: - description: - "WindowsManageFirewallRules configures whether or not - Felix will program Windows Firewall rules (to allow inbound access - to its own metrics ports). [Default: Disabled]" - enum: - - Enabled - - Disabled - type: string - windowsNetworkName: - description: |- - WindowsNetworkName specifies which Windows HNS networks Felix should operate on. The default is to match - networks that start with "calico". Supports regular expression syntax. 
- type: string - windowsStatsDumpFilePath: - description: - 'WindowsStatsDumpFilePath is used to specify the path - of the stats dump file on Windows nodes. [Default: "c:\\TigeraCalico\\stats\\dump"]' - type: string - wireguardEnabled: - description: - "WireguardEnabled controls whether Wireguard is enabled - for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). - [Default: false]" - type: boolean - wireguardEnabledV6: - description: - "WireguardEnabledV6 controls whether Wireguard is enabled - for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). - [Default: false]" - type: boolean - wireguardHostEncryptionEnabled: - description: - "WireguardHostEncryptionEnabled controls whether Wireguard - host-to-host encryption is enabled. [Default: false]" - type: boolean - wireguardInterfaceName: - description: - "WireguardInterfaceName specifies the name to use for - the IPv4 Wireguard interface. [Default: wireguard.cali]" - type: string - wireguardInterfaceNameV6: - description: - "WireguardInterfaceNameV6 specifies the name to use for - the IPv6 Wireguard interface. [Default: wg-v6.cali]" - type: string - wireguardKeepAlive: - description: - "WireguardPersistentKeepAlive controls Wireguard PersistentKeepalive - option. Set 0 to disable. [Default: 0]" - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - wireguardListeningPort: - description: - "WireguardListeningPort controls the listening port used - by IPv4 Wireguard. [Default: 51820]" - type: integer - wireguardListeningPortV6: - description: - "WireguardListeningPortV6 controls the listening port - used by IPv6 Wireguard. [Default: 51821]" - type: integer - wireguardMTU: - description: - "WireguardMTU controls the MTU on the IPv4 Wireguard - interface. See Configuring MTU [Default: 1440]" - type: integer - wireguardMTUV6: - description: - "WireguardMTUV6 controls the MTU on the IPv6 Wireguard - interface. 
See Configuring MTU [Default: 1420]" - type: integer - wireguardRoutingRulePriority: - description: - "WireguardRoutingRulePriority controls the priority value - to use for the Wireguard routing rule. [Default: 99]" - type: integer - wireguardThreadingEnabled: - description: |- - WireguardThreadingEnabled controls whether Wireguard has Threaded NAPI enabled. [Default: false] - This increases the maximum number of packets a Wireguard interface can process. - Consider threaded NAPI only if you have high packets per second workloads that are causing dropping packets due to a saturated `softirq` CPU core. - There is a [known issue](https://lore.kernel.org/netdev/CALrw=nEoT2emQ0OAYCjM1d_6Xe_kNLSZ6dhjb5FxrLFYh4kozA@mail.gmail.com/T/) with this setting - that may cause NAPI to get stuck holding the global `rtnl_mutex` when a peer is removed. - Workaround: Make sure your Linux kernel [includes this patch](https://github.com/torvalds/linux/commit/56364c910691f6d10ba88c964c9041b9ab777bd6) to unwedge NAPI. - type: boolean - workloadSourceSpoofing: - description: |- - WorkloadSourceSpoofing controls whether pods can use the allowedSourcePrefixes annotation to send traffic with a source IP - address that is not theirs. This is disabled by default. When set to "Any", pods can request any prefix. - pattern: ^(?i)(Disabled|Any)?$ - type: string - xdpEnabled: - description: - "XDPEnabled enables XDP acceleration for suitable untracked - incoming deny rules. [Default: true]" - type: boolean - xdpRefreshInterval: - description: |- - XDPRefreshInterval is the period at which Felix re-checks all XDP state to ensure that no - other process has accidentally broken Calico's BPF maps or attached programs. Set to 0 to - disable XDP refresh. [Default: 90s] - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - type: object - type: object - served: true - storage: true 
diff --git a/libcalico-go/config/crd/crd.projectcalico.org_globalalerts.yaml b/libcalico-go/config/crd/crd.projectcalico.org_globalalerts.yaml deleted file mode 100644 index 9f302e6..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_globalalerts.yaml +++ /dev/null @@ -1,114 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: globalalerts.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalAlert - listKind: GlobalAlertList - plural: globalalerts - singular: globalalert - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - aggregateBy: - items: - type: string - type: array - condition: - type: string - dataSet: - type: string - description: - type: string - detector: - properties: - name: - type: string - required: - - name - type: object - field: - type: string - lookback: - type: string - metric: - type: string - period: - type: string - query: - type: string - severity: - type: integer - substitutions: - items: - properties: - name: - type: string - values: - items: - type: string - type: array - required: - - name - type: object - type: array - summary: - type: string - threshold: - type: number - type: - type: string - required: - - description - - severity - type: object - status: - properties: - active: - type: boolean - errorConditions: - items: - properties: - message: - type: string - type: - type: string - required: - - message - - type - type: object - type: array - healthy: - type: boolean - lastEvent: - format: date-time - type: string - lastExecuted: - format: date-time - type: string - lastUpdate: - format: date-time - type: string - required: - - active - - healthy - type: object - type: object - served: true - storage: true 
diff --git a/libcalico-go/config/crd/crd.projectcalico.org_globalalerttemplates.yaml b/libcalico-go/config/crd/crd.projectcalico.org_globalalerttemplates.yaml deleted file mode 100644 index 3cb91f3..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_globalalerttemplates.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: globalalerttemplates.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalAlertTemplate - listKind: GlobalAlertTemplateList - plural: globalalerttemplates - singular: globalalerttemplate - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - aggregateBy: - items: - type: string - type: array - condition: - type: string - dataSet: - type: string - description: - type: string - detector: - properties: - name: - type: string - required: - - name - type: object - field: - type: string - lookback: - type: string - metric: - type: string - period: - type: string - query: - type: string - severity: - type: integer - substitutions: - items: - properties: - name: - type: string - values: - items: - type: string - type: array - required: - - name - type: object - type: array - summary: - type: string - threshold: - type: number - type: - type: string - required: - - description - - severity - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_globalnetworkpolicies.yaml b/libcalico-go/config/crd/crd.projectcalico.org_globalnetworkpolicies.yaml deleted file mode 100644 index d457e1e..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_globalnetworkpolicies.yaml +++ /dev/null 
@@ -1,471 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: globalnetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkPolicy - listKind: GlobalNetworkPolicyList - plural: globalnetworkpolicies - singular: globalnetworkpolicy - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - applyOnForward: - type: boolean - doNotTrack: - type: boolean - egress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - 
properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: 
string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: 
array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - namespaceSelector: - type: string - order: - type: number - performanceHints: - items: - enum: - - AssumeNeededOnEveryNode - type: string - type: array - preDNAT: - type: boolean - selector: - type: string - serviceAccountSelector: - type: string - tier: - default: default - type: string - types: - items: - enum: - - Ingress - - Egress - type: string - maxItems: 2 - minItems: 1 - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_globalnetworksets.yaml b/libcalico-go/config/crd/crd.projectcalico.org_globalnetworksets.yaml deleted file mode 100644 index 3477cfe..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_globalnetworksets.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: globalnetworksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkSet - listKind: GlobalNetworkSetList - plural: globalnetworksets - singular: globalnetworkset - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - allowedEgressDomains: - items: - type: string - type: array - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true 
diff --git a/libcalico-go/config/crd/crd.projectcalico.org_globalreports.yaml b/libcalico-go/config/crd/crd.projectcalico.org_globalreports.yaml deleted file mode 100644 index fb7eb78..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_globalreports.yaml +++ /dev/null 
@@ -1,235 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: globalreports.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalReport - listKind: GlobalReportList - plural: globalreports - singular: globalreport - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - cis: - properties: - highThreshold: - type: integer - includeUnscoredTests: - type: boolean - medThreshold: - type: integer - numFailedTests: - type: integer - resultsFilters: - items: - properties: - benchmarkSelection: - properties: - kubernetesVersion: - type: string - type: object - exclude: - items: - type: string - type: array - include: - items: - type: string - type: array - type: object - type: array - type: object - endpoints: - properties: - namespaces: - properties: - names: - items: - type: string - type: array - selector: - type: string - type: object - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - selector: - type: string - type: object - type: object - jobNodeSelector: - additionalProperties: - type: string - type: object - reportType: - type: string - schedule: - type: string - suspend: - type: boolean - required: - - reportType - type: object - status: - properties: - activeReportJobs: - items: - properties: - end: - format: date-time - type: string - job: - properties: - apiVersion: - type: string - fieldPath: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - x-kubernetes-map-type: atomic - start: - format: date-time - type: string - required: - - end - - job - - start - type: object - type: array - 
lastFailedReportJobs: - items: - properties: - end: - format: date-time - type: string - job: - properties: - apiVersion: - type: string - fieldPath: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - x-kubernetes-map-type: atomic - jobCompletionTime: - format: date-time - type: string - start: - format: date-time - type: string - required: - - end - - job - - start - type: object - type: array - lastScheduledReportJob: - properties: - end: - format: date-time - type: string - job: - properties: - apiVersion: - type: string - fieldPath: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - x-kubernetes-map-type: atomic - start: - format: date-time - type: string - required: - - end - - job - - start - type: object - lastSuccessfulReportJobs: - items: - properties: - end: - format: date-time - type: string - job: - properties: - apiVersion: - type: string - fieldPath: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - x-kubernetes-map-type: atomic - jobCompletionTime: - format: date-time - type: string - start: - format: date-time - type: string - required: - - end - - job - - start - type: object - type: array - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_globalreporttypes.yaml b/libcalico-go/config/crd/crd.projectcalico.org_globalreporttypes.yaml deleted file mode 100644 index a90d637..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_globalreporttypes.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: globalreporttypes.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalReportType - listKind: GlobalReportTypeList - plural: globalreporttypes - singular: globalreporttype - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - auditEventsSelection: - properties: - resources: - items: - properties: - apiGroup: - type: string - apiVersion: - type: string - name: - type: string - namespace: - type: string - resource: - type: string - type: object - type: array - type: object - downloadTemplates: - items: - properties: - description: - type: string - name: - type: string - template: - type: string - type: object - type: array - includeCISBenchmarkData: - type: boolean - includeEndpointData: - type: boolean - includeEndpointFlowLogData: - type: boolean - uiSummaryTemplate: - properties: - description: - type: string - name: - type: string - template: - type: string - type: object - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_globalthreatfeeds.yaml b/libcalico-go/config/crd/crd.projectcalico.org_globalthreatfeeds.yaml deleted file mode 100644 index 5436c71..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_globalthreatfeeds.yaml +++ /dev/null 
@@ -1,164 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: globalthreatfeeds.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalThreatFeed - listKind: GlobalThreatFeedList - plural: globalthreatfeeds - singular: globalthreatfeed - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - content: - default: IPSet - enum: - - IPSet - - DomainNameSet - type: string - description: - maxLength: 256 - type: string - feedType: - default: Custom - enum: - - Builtin - - Custom - type: string - globalNetworkSet: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - mode: - default: Enabled - enum: - - Enabled - - Disabled - type: string - pull: - properties: - http: - properties: - format: - properties: - csv: - properties: - columnDelimiter: - type: string - commentDelimiter: - type: string - disableRecordSizeValidation: - type: boolean - fieldName: - type: string - fieldNum: - type: integer - header: - type: boolean - recordSize: - type: integer - type: object - json: - properties: - path: - type: string - type: object - newlineDelimited: - type: object - type: object - headers: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - default: "" - type: string - optional: - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - properties: - key: - type: string - name: - default: "" - type: string - optional: - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - url: - type: string - required: 
- - url - type: object - period: - type: string - required: - - http - type: object - type: object - status: - properties: - errorConditions: - items: - properties: - message: - type: string - type: - type: string - required: - - message - - type - type: object - type: array - lastSuccessfulSearch: - format: date-time - type: string - lastSuccessfulSync: - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/libcalico-go/config/crd/crd.projectcalico.org_hostendpoints.yaml b/libcalico-go/config/crd/crd.projectcalico.org_hostendpoints.yaml deleted file mode 100644 index bd72742..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_hostendpoints.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: hostendpoints.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: HostEndpoint - listKind: HostEndpointList - plural: hostendpoints - singular: hostendpoint - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - expectedIPs: - items: - type: string - type: array - x-kubernetes-list-type: set - interfaceName: - type: string - node: - type: string - ports: - items: - properties: - name: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - required: - - name - - port - - protocol - type: object - type: array - profiles: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true 
diff --git a/libcalico-go/config/crd/crd.projectcalico.org_ipamblocks.yaml b/libcalico-go/config/crd/crd.projectcalico.org_ipamblocks.yaml deleted file mode 100644 index 051bc67..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_ipamblocks.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: ipamblocks.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMBlock - listKind: IPAMBlockList - plural: ipamblocks - singular: ipamblock - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - affinity: - type: string - affinityClaimTime: - format: date-time - type: string - allocations: - items: - type: integer - # TODO: This nullable is manually added in. We should update controller-gen - # to handle []*int properly itself. - nullable: true - type: array - attributes: - items: - properties: - handle_id: - type: string - secondary: - additionalProperties: - type: string - type: object - type: object - type: array - cidr: - type: string - deleted: - type: boolean - sequenceNumber: - default: 0 - format: int64 - type: integer - sequenceNumberForAllocation: - additionalProperties: - format: int64 - type: integer - type: object - strictAffinity: - type: boolean - unallocated: - items: - type: integer - type: array - required: - - allocations - - attributes - - cidr - - strictAffinity - - unallocated - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_ipamconfigs.yaml b/libcalico-go/config/crd/crd.projectcalico.org_ipamconfigs.yaml deleted file mode 100644 index b7e9260..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_ipamconfigs.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: ipamconfigs.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMConfig - listKind: IPAMConfigList - plural: ipamconfigs - singular: ipamconfig - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - autoAllocateBlocks: - type: boolean - maxBlocksPerHost: - maximum: 2147483647 - minimum: 0 - type: integer - strictAffinity: - type: boolean - required: - - autoAllocateBlocks - - strictAffinity - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_ipamhandles.yaml b/libcalico-go/config/crd/crd.projectcalico.org_ipamhandles.yaml deleted file mode 100644 index d2305fe..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_ipamhandles.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: ipamhandles.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMHandle - listKind: IPAMHandleList - plural: ipamhandles - singular: ipamhandle - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - block: - additionalProperties: - type: integer - type: object - deleted: - type: boolean - handleID: - type: string - required: - - block - - handleID - type: object - type: object - served: true - storage: true 
diff --git a/libcalico-go/config/crd/crd.projectcalico.org_ippools.yaml b/libcalico-go/config/crd/crd.projectcalico.org_ippools.yaml deleted file mode 100644 index 2d62a06..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_ippools.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: ippools.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPPool - listKind: IPPoolList - plural: ippools - singular: ippool - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - allowedUses: - items: - enum: - - Workload - - Tunnel - - LoadBalancer - type: string - type: array - x-kubernetes-list-type: set - assignmentMode: - default: Automatic - enum: - - Automatic - - Manual - type: string - awsSubnetID: - type: string - blockSize: - maximum: 128 - minimum: 0 - type: integer - cidr: - format: cidr - type: string - disableBGPExport: - type: boolean - disabled: - type: boolean - ipipMode: - enum: - - Never - - Always - - CrossSubnet - type: string - namespaceSelector: - type: string - natOutgoing: - type: boolean - nodeSelector: - type: string - vxlanMode: - enum: - - Never - - Always - - CrossSubnet - type: string - required: - - cidr - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_ipreservations.yaml b/libcalico-go/config/crd/crd.projectcalico.org_ipreservations.yaml deleted file mode 100644 index 251ba2b..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_ipreservations.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: ipreservations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPReservation - listKind: IPReservationList - plural: ipreservations - singular: ipreservation - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - reservedCIDRs: - format: cidr - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_kubecontrollersconfigurations.yaml b/libcalico-go/config/crd/crd.projectcalico.org_kubecontrollersconfigurations.yaml deleted file mode 100644 index 89dd905..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_kubecontrollersconfigurations.yaml +++ /dev/null 
@@ -1,280 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: kubecontrollersconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: KubeControllersConfiguration - listKind: KubeControllersConfigurationList - plural: kubecontrollersconfigurations - singular: kubecontrollersconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - controllers: - properties: - federatedServices: - properties: - reconcilerPeriod: - type: string - type: object - loadBalancer: - properties: - assignIPs: - default: AllServices - enum: - - AllServices - - RequestedServicesOnly - type: string - type: object - namespace: - properties: - reconcilerPeriod: - type: string - type: object - node: - properties: - hostEndpoint: - properties: - autoCreate: - enum: - - Enabled - - Disabled - type: string - createDefaultHostEndpoint: - type: string - templates: - items: - properties: - generateName: - maxLength: 253 - type: string - interfaceCIDRs: - items: - type: string - type: array - x-kubernetes-list-type: set - interfacePattern: - type: string - labels: - additionalProperties: - type: string - type: object - nodeSelector: - type: string - type: object - type: array - type: object - leakGracePeriod: - type: string - reconcilerPeriod: - type: string - syncLabels: - enum: - - Enabled - - Disabled - type: string - type: object - policy: - properties: - reconcilerPeriod: - type: string - type: object - policyMigration: - properties: - enabled: - default: Enabled - enum: - - Disabled - - Enabled - type: string - type: object - serviceAccount: - properties: - reconcilerPeriod: - type: string - type: object - workloadEndpoint: - properties: - reconcilerPeriod: - type: string - type: object 
- type: object - debugProfilePort: - format: int32 - maximum: 65535 - minimum: 0 - type: integer - etcdV3CompactionPeriod: - type: string - healthChecks: - default: Enabled - enum: - - Enabled - - Disabled - type: string - logSeverityScreen: - enum: - - None - - Debug - - Info - - Warning - - Error - - Fatal - - Panic - type: string - prometheusMetricsPort: - maximum: 65535 - minimum: 0 - type: integer - required: - - controllers - type: object - status: - properties: - environmentVars: - additionalProperties: - type: string - type: object - runningConfig: - properties: - controllers: - properties: - federatedServices: - properties: - reconcilerPeriod: - type: string - type: object - loadBalancer: - properties: - assignIPs: - default: AllServices - enum: - - AllServices - - RequestedServicesOnly - type: string - type: object - namespace: - properties: - reconcilerPeriod: - type: string - type: object - node: - properties: - hostEndpoint: - properties: - autoCreate: - enum: - - Enabled - - Disabled - type: string - createDefaultHostEndpoint: - type: string - templates: - items: - properties: - generateName: - maxLength: 253 - type: string - interfaceCIDRs: - items: - type: string - type: array - x-kubernetes-list-type: set - interfacePattern: - type: string - labels: - additionalProperties: - type: string - type: object - nodeSelector: - type: string - type: object - type: array - type: object - leakGracePeriod: - type: string - reconcilerPeriod: - type: string - syncLabels: - enum: - - Enabled - - Disabled - type: string - type: object - policy: - properties: - reconcilerPeriod: - type: string - type: object - policyMigration: - properties: - enabled: - default: Enabled - enum: - - Disabled - - Enabled - type: string - type: object - serviceAccount: - properties: - reconcilerPeriod: - type: string - type: object - workloadEndpoint: - properties: - reconcilerPeriod: - type: string - type: object - type: object - debugProfilePort: - format: int32 - maximum: 65535 - 
minimum: 0 - type: integer - etcdV3CompactionPeriod: - type: string - healthChecks: - default: Enabled - enum: - - Enabled - - Disabled - type: string - logSeverityScreen: - enum: - - None - - Debug - - Info - - Warning - - Error - - Fatal - - Panic - type: string - prometheusMetricsPort: - maximum: 65535 - minimum: 0 - type: integer - required: - - controllers - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/libcalico-go/config/crd/crd.projectcalico.org_licensekeys.yaml b/libcalico-go/config/crd/crd.projectcalico.org_licensekeys.yaml deleted file mode 100644 index 4ebb992..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_licensekeys.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: licensekeys.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: LicenseKey - listKind: LicenseKeyList - plural: licensekeys - singular: licensekey - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - certificate: - type: string - token: - type: string - required: - - token - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - expiry: - format: date-time - nullable: true - type: string - features: - items: - type: string - type: array - gracePeriod: - type: string - maxnodes: - type: integer - package: - enum: - - CloudCommunity - - CloudStarter - - CloudPro - - Enterprise - type: string - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_managedclusters.yaml b/libcalico-go/config/crd/crd.projectcalico.org_managedclusters.yaml deleted file mode 100644 index 477f0ab..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_managedclusters.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: managedclusters.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: ManagedCluster - listKind: ManagedClusterList - plural: managedclusters - singular: managedcluster - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - certificate: - format: byte - type: string - installationManifest: - type: string - operatorNamespace: - type: string - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_networkpolicies.yaml b/libcalico-go/config/crd/crd.projectcalico.org_networkpolicies.yaml deleted file mode 100644 index 2cddd47..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_networkpolicies.yaml +++ /dev/null 
@@ -1,463 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: networkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkPolicy - listKind: NetworkPolicyList - plural: networkpolicies - singular: networkpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - egress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - 
minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - 
x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - 
type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - order: - type: number - performanceHints: - items: - enum: - - AssumeNeededOnEveryNode - type: string - type: array - selector: - type: string - serviceAccountSelector: - type: string - tier: - default: default - type: string - types: - items: - enum: - - Ingress - - Egress - type: string - maxItems: 2 - minItems: 1 - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_networksets.yaml b/libcalico-go/config/crd/crd.projectcalico.org_networksets.yaml deleted file mode 100644 index a605f76..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_networksets.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: networksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkSet - listKind: NetworkSetList - plural: networksets - singular: networkset - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - allowedEgressDomains: - items: - type: string - type: array - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_packetcaptures.yaml b/libcalico-go/config/crd/crd.projectcalico.org_packetcaptures.yaml deleted file mode 100644 index c245312..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_packetcaptures.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: packetcaptures.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: PacketCapture - listKind: PacketCaptureList - plural: packetcaptures - singular: packetcapture - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - endTime: - format: date-time - type: string - filters: - items: - properties: - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: object - type: array - selector: - default: all() - type: string - startTime: - format: date-time - type: string - type: object - status: - properties: - files: - items: - properties: - directory: - type: string - fileNames: - items: - type: string - type: array - node: - type: string - state: - enum: - - Capturing - - Finished - - Scheduled - - Error - - WaitingForTraffic - type: string - type: object - type: array - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_policyrecommendationscopes.yaml b/libcalico-go/config/crd/crd.projectcalico.org_policyrecommendationscopes.yaml deleted file mode 100644 index f1edd8b..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_policyrecommendationscopes.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: policyrecommendationscopes.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: PolicyRecommendationScope - listKind: PolicyRecommendationScopeList - plural: policyrecommendationscopes - singular: policyrecommendationscope - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - initialLookback: - type: string - interval: - type: string - maxRules: - type: integer - namespaceSpec: - properties: - intraNamespacePassThroughTraffic: - type: boolean - recStatus: - type: string - selector: - type: string - tierName: - type: string - required: - - selector - type: object - policiesLearningCutOff: - type: integer - stabilizationPeriod: - type: string - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/libcalico-go/config/crd/crd.projectcalico.org_remoteclusterconfigurations.yaml b/libcalico-go/config/crd/crd.projectcalico.org_remoteclusterconfigurations.yaml deleted file mode 100644 index 325f95d..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_remoteclusterconfigurations.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: remoteclusterconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: RemoteClusterConfiguration - listKind: RemoteClusterConfigurationList - plural: remoteclusterconfigurations - singular: remoteclusterconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterAccessSecret: - properties: - apiVersion: - type: string - fieldPath: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - x-kubernetes-map-type: atomic - datastoreType: - type: string - etcdCACert: - type: string - etcdCACertFile: - type: string - etcdCert: - type: string - etcdCertFile: - type: string - etcdEndpoints: - type: string - etcdKey: - type: string - etcdKeyFile: - type: string - etcdPassword: - type: string - etcdUsername: - type: string - k8sAPIEndpoint: - type: string - k8sAPIToken: - type: string - k8sCAFile: - type: string - k8sCertFile: - type: string - k8sInsecureSkipTLSVerify: - type: boolean - k8sKeyFile: - type: string - kubeconfig: - type: string - kubeconfigInline: - type: string - syncOptions: - default: - overlayRoutingMode: Disabled - properties: - overlayRoutingMode: - default: Disabled - type: string - type: object - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_securityeventwebhooks.yaml b/libcalico-go/config/crd/crd.projectcalico.org_securityeventwebhooks.yaml deleted file mode 100644 index bae685c..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_securityeventwebhooks.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: securityeventwebhooks.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: SecurityEventWebhook - listKind: SecurityEventWebhookList - plural: securityeventwebhooks - singular: securityeventwebhook - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - config: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - default: "" - type: string - optional: - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - properties: - key: - type: string - name: - default: "" - type: string - optional: - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - consumer: - type: string - query: - type: string - state: - type: string - required: - - config - - consumer - - query - - state - type: object - status: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - served: true - storage: true 
diff --git a/libcalico-go/config/crd/crd.projectcalico.org_stagedglobalnetworkpolicies.yaml b/libcalico-go/config/crd/crd.projectcalico.org_stagedglobalnetworkpolicies.yaml deleted file mode 100644 index 98a56ac..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_stagedglobalnetworkpolicies.yaml +++ /dev/null 
@@ -1,478 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: stagedglobalnetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: StagedGlobalNetworkPolicy - listKind: StagedGlobalNetworkPolicyList - plural: stagedglobalnetworkpolicies - singular: stagedglobalnetworkpolicy - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - applyOnForward: - type: boolean - doNotTrack: - type: boolean - egress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: 
array - type: object - icmp: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - 
type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - 
x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - namespaceSelector: - type: string - order: - type: number - performanceHints: - items: - enum: - - AssumeNeededOnEveryNode - type: string - type: array - preDNAT: - type: boolean - selector: - type: string - serviceAccountSelector: - type: string - stagedAction: - enum: - - Set - - Delete - - Learn - - Ignore - type: string - tier: - default: default - type: string - types: - items: - enum: - - Ingress - - Egress - type: string - maxItems: 2 - minItems: 1 - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_stagedkubernetesnetworkpolicies.yaml b/libcalico-go/config/crd/crd.projectcalico.org_stagedkubernetesnetworkpolicies.yaml deleted file mode 100644 index 242e6cd..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_stagedkubernetesnetworkpolicies.yaml +++ /dev/null 
@@ -1,254 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: stagedkubernetesnetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: StagedKubernetesNetworkPolicy - listKind: StagedKubernetesNetworkPolicyList - plural: stagedkubernetesnetworkpolicies - singular: stagedkubernetesnetworkpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - egress: - items: - properties: - ports: - items: - properties: - endPort: - format: int32 - type: integer - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - protocol: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - to: - items: - properties: - ipBlock: - properties: - cidr: - type: string - except: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - cidr - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - type: object - type: array - 
x-kubernetes-list-type: atomic - type: object - type: array - ingress: - items: - properties: - from: - items: - properties: - ipBlock: - properties: - cidr: - type: string - except: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - cidr - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - type: object - type: array - x-kubernetes-list-type: atomic - ports: - items: - properties: - endPort: - format: int32 - type: integer - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - protocol: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - podSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - policyTypes: - items: - type: string - maxItems: 2 - minItems: 1 - type: array - x-kubernetes-list-type: set - 
stagedAction: - enum: - - Set - - Delete - - Learn - - Ignore - type: string - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_stagednetworkpolicies.yaml b/libcalico-go/config/crd/crd.projectcalico.org_stagednetworkpolicies.yaml deleted file mode 100644 index 3edec9c..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_stagednetworkpolicies.yaml +++ /dev/null 
@@ -1,470 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: stagednetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: StagedNetworkPolicy - listKind: StagedNetworkPolicyList - plural: stagednetworkpolicies - singular: stagednetworkpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - egress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - properties: - code: - maximum: 255 - minimum: 0 - type: 
integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - items: - properties: - action: - enum: - - Allow - - Deny - - Log - - Pass - type: string - destination: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - 
type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - http: - properties: - headers: - items: - properties: - header: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - header - - operator - - values - type: object - type: array - methods: - items: - type: string - type: array - paths: - items: - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - ipVersion: - enum: - - 4 - - 6 - type: integer - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - type: object - notICMP: - properties: - code: - maximum: 255 - minimum: 0 - type: integer - type: - maximum: 255 - minimum: 0 - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - source: - properties: - domains: - items: - type: string - type: array - namespaceSelector: - type: string - nets: - items: - type: string - type: array - x-kubernetes-list-type: set - notNets: - items: - type: string - type: array - notPorts: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - type: string - ports: - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - type: string - serviceAccounts: - 
properties: - names: - items: - type: string - type: array - x-kubernetes-list-type: set - selector: - type: string - type: object - services: - properties: - name: - type: string - namespace: - type: string - type: object - type: object - required: - - action - type: object - type: array - order: - type: number - performanceHints: - items: - enum: - - AssumeNeededOnEveryNode - type: string - type: array - selector: - type: string - serviceAccountSelector: - type: string - stagedAction: - enum: - - Set - - Delete - - Learn - - Ignore - type: string - tier: - default: default - type: string - types: - items: - enum: - - Ingress - - Egress - type: string - maxItems: 2 - minItems: 1 - type: array - x-kubernetes-list-type: set - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_tiers.yaml b/libcalico-go/config/crd/crd.projectcalico.org_tiers.yaml deleted file mode 100644 index e74d923..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_tiers.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: tiers.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: Tier - listKind: TierList - plural: tiers - singular: tier - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - defaultAction: - allOf: - - enum: - - Allow - - Deny - - Log - - Pass - - enum: - - Pass - - Deny - type: string - order: - type: number - type: object - required: - - metadata - - spec - type: object - x-kubernetes-validations: - - message: The 'kube-admin' tier must have default action 'Pass' - rule: - "self.metadata.name == 'kube-admin' ? self.spec.defaultAction == - 'Pass' : true" - - message: The 'kube-baseline' tier must have default action 'Pass' - rule: - "self.metadata.name == 'kube-baseline' ? self.spec.defaultAction - == 'Pass' : true" - - message: The 'default' tier must have default action 'Deny' - rule: - "self.metadata.name == 'default' ? self.spec.defaultAction == 'Deny' - : true" - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_uisettings.yaml b/libcalico-go/config/crd/crd.projectcalico.org_uisettings.yaml deleted file mode 100644 index fa9a8d2..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_uisettings.yaml +++ /dev/null 
@@ -1,195 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: uisettings.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: UISettings - listKind: UISettingsList - plural: uisettings - singular: uisettings - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - dashboard: - properties: - dashboardData: - items: - properties: - layout: - properties: - height: - format: int32 - type: integer - index: - type: string - isInNamespaceView: - type: boolean - isResizable: - type: boolean - isVisible: - type: boolean - maxHeight: - format: int32 - type: integer - maxWidth: - format: int32 - type: integer - minHeight: - format: int32 - type: integer - minWidth: - format: int32 - type: integer - width: - format: int32 - type: integer - xPos: - format: int32 - type: integer - yPos: - format: int32 - type: integer - required: - - height - - width - - xPos - - yPos - type: object - selectedNamespace: - type: string - type: - type: string - type: object - type: array - type: object - description: - type: string - group: - type: string - layer: - properties: - color: - type: string - icon: - type: string - nodes: - items: - properties: - id: - type: string - name: - type: string - namespace: - type: string - type: - type: string - required: - - id - - name - - type - type: object - type: array - required: - - nodes - type: object - user: - type: string - view: - properties: - expandPorts: - type: boolean - followConnectionDirection: - type: boolean - hostAggregationSelectors: - items: - properties: - name: - type: string - selector: - type: string - required: - - name - - selector - type: object - type: array - layers: - items: - type: string - type: array - layoutType: - type: string - 
nodes: - items: - properties: - deemphasize: - type: boolean - expanded: - type: boolean - followEgress: - type: boolean - followIngress: - type: boolean - hide: - type: boolean - hideUnrelated: - type: boolean - id: - type: string - inFocus: - type: boolean - name: - type: string - namespace: - type: string - type: - type: string - required: - - id - - name - - type - type: object - type: array - positions: - items: - properties: - id: - type: string - xPos: - type: integer - yPos: - type: integer - zPos: - type: integer - required: - - id - - xPos - - yPos - - zPos - type: object - type: array - splitIngressEgress: - type: boolean - type: object - required: - - description - - group - type: object - type: object - served: true - storage: true diff --git a/libcalico-go/config/crd/crd.projectcalico.org_uisettingsgroups.yaml b/libcalico-go/config/crd/crd.projectcalico.org_uisettingsgroups.yaml deleted file mode 100644 index 780a321..0000000 --- a/libcalico-go/config/crd/crd.projectcalico.org_uisettingsgroups.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: uisettingsgroups.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: UISettingsGroup - listKind: UISettingsGroupList - plural: uisettingsgroups - singular: uisettingsgroup - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - description: - type: string - filterType: - enum: - - None - - User - type: string - required: - - description - type: object - type: object - served: true - storage: true 
diff --git a/libcalico-go/config/crd/policy.networking.k8s.io_adminnetworkpolicies.yaml b/libcalico-go/config/crd/policy.networking.k8s.io_adminnetworkpolicies.yaml
deleted file mode 100644
index 3fd0b0f..0000000
--- a/libcalico-go/config/crd/policy.networking.k8s.io_adminnetworkpolicies.yaml
+++ /dev/null
@@ -1,1107 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/network-policy-api/pull/30 - policy.networking.k8s.io/bundle-version: v0.1.1 - policy.networking.k8s.io/channel: experimental - creationTimestamp: null - name: adminnetworkpolicies.policy.networking.k8s.io -spec: - group: policy.networking.k8s.io - names: - kind: AdminNetworkPolicy - listKind: AdminNetworkPolicyList - plural: adminnetworkpolicies - shortNames: - - anp - singular: adminnetworkpolicy - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.priority - name: Priority - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - AdminNetworkPolicy is a cluster level resource that is part of the - AdminNetworkPolicy API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of the desired behavior of AdminNetworkPolicy. - properties: - egress: - description: |- - Egress is the list of Egress rules to be applied to the selected pods. - A total of 100 rules will be allowed in each ANP instance. 
- The relative precedence of egress rules within a single ANP object (all of - which share the priority) will be determined by the order in which the rule - is written. Thus, a rule that appears at the top of the egress rules - would take the highest precedence. - ANPs with no egress rules do not affect egress traffic. - - - Support: Core - items: - description: |- - AdminNetworkPolicyEgressRule describes an action to take on a particular - set of traffic originating from pods selected by a AdminNetworkPolicy's - Subject field. - - properties: - action: - description: |- - Action specifies the effect this rule will have on matching traffic. - Currently the following actions are supported: - Allow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy) - Deny: denies the selected traffic - Pass: instructs the selected traffic to skip any remaining ANP rules, and - then pass execution to any NetworkPolicies that select the pod. - If the pod is not selected by any NetworkPolicies then execution - is passed to any BaselineAdminNetworkPolicies that select the pod. - - - Support: Core - enum: - - Allow - - Deny - - Pass - type: string - name: - description: |- - Name is an identifier for this rule, that may be no more than 100 characters - in length. This field should be used by the implementation to help - improve observability, readability and error-reporting for any applied - AdminNetworkPolicies. - - - Support: Core - maxLength: 100 - type: string - ports: - description: |- - Ports allows for matching traffic based on port and protocols. - This field is a list of destination ports for the outgoing egress traffic. - If Ports is not set then the rule does not filter traffic via port. - - - Support: Core - items: - description: |- - AdminNetworkPolicyPort describes how to select network ports on pod(s). - Exactly one field must be set. 
- maxProperties: 1 - minProperties: 1 - properties: - namedPort: - description: |- - NamedPort selects a port on a pod(s) based on name. - - - Support: Extended - - - - type: string - portNumber: - description: |- - Port selects a port on a pod(s) based on number. - - - Support: Core - properties: - port: - description: |- - Number defines a network port value. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - required: - - port - - protocol - type: object - portRange: - description: |- - PortRange selects a port range on a pod(s) based on provided start and end - values. - - - Support: Core - properties: - end: - description: |- - End defines a network port that is the end of a port range, the End value - must be greater than Start. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - start: - description: |- - Start defines a network port that is the start of a port range, the Start - value must be less than End. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - end - - start - type: object - type: object - maxItems: 100 - type: array - to: - description: |- - To is the List of destinations whose traffic this rule applies to. - If any AdminNetworkPolicyEgressPeer matches the destination of outgoing - traffic then the specified action is applied. - This field must be defined and contain at least one item. - - - Support: Core - items: - description: |- - AdminNetworkPolicyEgressPeer defines a peer to allow traffic to. 
- Exactly one of the selector pointers must be set for a given peer. If a - consumer observes none of its fields are set, they must assume an unknown - option has been specified and fail closed. - maxProperties: 1 - minProperties: 1 - properties: - namespaces: - description: |- - Namespaces defines a way to select all pods within a set of Namespaces. - Note that host-networked pods are not included in this type of peer. - - - Support: Core - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - networks: - description: |- - Networks defines a way to select peers via CIDR blocks. 
- This is intended for representing entities that live outside the cluster, - which can't be selected by pods, namespaces and nodes peers, but note - that cluster-internal traffic will be checked against the rule as - well. So if you Allow or Deny traffic to `"0.0.0.0/0"`, that will allow - or deny all IPv4 pod-to-pod traffic as well. If you don't want that, - add a rule that Passes all pod traffic before the Networks rule. - - - Each item in Networks should be provided in the CIDR format and should be - IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - - - Networks can have upto 25 CIDRs specified. - - - Support: Extended - - - - items: - description: |- - CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). - This string must be validated by implementations using net.ParseCIDR - TODO: Introduce CEL CIDR validation regex isCIDR() in Kube 1.31 when it is available. - maxLength: 43 - type: string - x-kubernetes-validations: - - message: - CIDR must be either an IPv4 or IPv6 address. - IPv4 address embedded in IPv6 addresses are not - supported - rule: self.contains(':') != self.contains('.') - maxItems: 25 - minItems: 1 - type: array - x-kubernetes-list-type: set - nodes: - description: |- - Nodes defines a way to select a set of nodes in - the cluster. This field follows standard label selector - semantics; if present but empty, it selects all Nodes. - - - Support: Extended - - - - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - pods: - description: |- - Pods defines a way to select a set of pods in - a set of namespaces. Note that host-networked pods - are not included in this type of peer. - - - Support: Core - properties: - namespaceSelector: - description: |- - NamespaceSelector follows standard label selector semantics; if empty, - it selects all Namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - description: |- - PodSelector is used to explicitly select pods within a namespace; if empty, - it selects all Pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - required: - - namespaceSelector - - podSelector - type: object - type: object - maxItems: 100 - minItems: 1 - type: array - required: - - action - - to - type: object - x-kubernetes-validations: - - message: - networks/nodes peer cannot be set with namedPorts since - there are no namedPorts for networks/nodes - rule: - "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) - && has(self.ports) && self.ports.exists(port, has(port.namedPort)))" - maxItems: 100 - type: array - ingress: - description: |- - Ingress is the list of Ingress rules to be applied to the selected pods. - A total of 100 rules will be allowed in each ANP instance. - The relative precedence of ingress rules within a single ANP object (all of - which share the priority) will be determined by the order in which the rule - is written. Thus, a rule that appears at the top of the ingress rules - would take the highest precedence. - ANPs with no ingress rules do not affect ingress traffic. - - - Support: Core - items: - description: |- - AdminNetworkPolicyIngressRule describes an action to take on a particular - set of traffic destined for pods selected by an AdminNetworkPolicy's - Subject field. - properties: - action: - description: |- - Action specifies the effect this rule will have on matching traffic. - Currently the following actions are supported: - Allow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy) - Deny: denies the selected traffic - Pass: instructs the selected traffic to skip any remaining ANP rules, and - then pass execution to any NetworkPolicies that select the pod. - If the pod is not selected by any NetworkPolicies then execution - is passed to any BaselineAdminNetworkPolicies that select the pod. - - - Support: Core - enum: - - Allow - - Deny - - Pass - type: string - from: - description: |- - From is the list of sources whose traffic this rule applies to. 
- If any AdminNetworkPolicyIngressPeer matches the source of incoming - traffic then the specified action is applied. - This field must be defined and contain at least one item. - - - Support: Core - items: - description: |- - AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from. - Exactly one of the selector pointers must be set for a given peer. If a - consumer observes none of its fields are set, they must assume an unknown - option has been specified and fail closed. - maxProperties: 1 - minProperties: 1 - properties: - namespaces: - description: |- - Namespaces defines a way to select all pods within a set of Namespaces. - Note that host-networked pods are not included in this type of peer. - - - Support: Core - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". 
The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - pods: - description: |- - Pods defines a way to select a set of pods in - a set of namespaces. Note that host-networked pods - are not included in this type of peer. - - - Support: Core - properties: - namespaceSelector: - description: |- - NamespaceSelector follows standard label selector semantics; if empty, - it selects all Namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - description: |- - PodSelector is used to explicitly select pods within a namespace; if empty, - it selects all Pods. 
- properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - namespaceSelector - - podSelector - type: object - type: object - maxItems: 100 - minItems: 1 - type: array - name: - description: |- - Name is an identifier for this rule, that may be no more than 100 characters - in length. This field should be used by the implementation to help - improve observability, readability and error-reporting for any applied - AdminNetworkPolicies. - - - Support: Core - maxLength: 100 - type: string - ports: - description: |- - Ports allows for matching traffic based on port and protocols. - This field is a list of ports which should be matched on - the pods selected for this policy i.e the subject of the policy. 
- So it matches on the destination port for the ingress traffic. - If Ports is not set then the rule does not filter traffic via port. - - - Support: Core - items: - description: |- - AdminNetworkPolicyPort describes how to select network ports on pod(s). - Exactly one field must be set. - maxProperties: 1 - minProperties: 1 - properties: - namedPort: - description: |- - NamedPort selects a port on a pod(s) based on name. - - - Support: Extended - - - - type: string - portNumber: - description: |- - Port selects a port on a pod(s) based on number. - - - Support: Core - properties: - port: - description: |- - Number defines a network port value. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - required: - - port - - protocol - type: object - portRange: - description: |- - PortRange selects a port range on a pod(s) based on provided start and end - values. - - - Support: Core - properties: - end: - description: |- - End defines a network port that is the end of a port range, the End value - must be greater than Start. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - start: - description: |- - Start defines a network port that is the start of a port range, the Start - value must be less than End. 
- - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - end - - start - type: object - type: object - maxItems: 100 - type: array - required: - - action - - from - type: object - maxItems: 100 - type: array - priority: - description: |- - Priority is a value from 0 to 1000. Rules with lower priority values have - higher precedence, and are checked before rules with higher priority values. - All AdminNetworkPolicy rules have higher precedence than NetworkPolicy or - BaselineAdminNetworkPolicy rules - The behavior is undefined if two ANP objects have same priority. - - - Support: Core - format: int32 - maximum: 1000 - minimum: 0 - type: integer - subject: - description: |- - Subject defines the pods to which this AdminNetworkPolicy applies. - Note that host-networked pods are not included in subject selection. - - - Support: Core - maxProperties: 1 - minProperties: 1 - properties: - namespaces: - description: Namespaces is used to select pods via namespace selectors. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - pods: - description: - Pods is used to select pods via namespace AND pod - selectors. - properties: - namespaceSelector: - description: |- - NamespaceSelector follows standard label selector semantics; if empty, - it selects all Namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". 
The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - description: |- - PodSelector is used to explicitly select pods within a namespace; if empty, - it selects all Pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - namespaceSelector - - podSelector - type: object - type: object - required: - - priority - - subject - type: object - status: - description: Status is the status to be reported by the implementation. 
- properties: - conditions: - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - conditions - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/libcalico-go/config/crd/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/libcalico-go/config/crd/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml deleted file mode 100644 index fddc29a..0000000 --- a/libcalico-go/config/crd/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml +++ /dev/null 
@@ -1,1083 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/network-policy-api/pull/30 - policy.networking.k8s.io/bundle-version: v0.1.1 - policy.networking.k8s.io/channel: experimental - creationTimestamp: null - name: baselineadminnetworkpolicies.policy.networking.k8s.io -spec: - group: policy.networking.k8s.io - names: - kind: BaselineAdminNetworkPolicy - listKind: BaselineAdminNetworkPolicyList - plural: baselineadminnetworkpolicies - shortNames: - - banp - singular: baselineadminnetworkpolicy - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - BaselineAdminNetworkPolicy is a cluster level resource that is part of the - AdminNetworkPolicy API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of the desired behavior of BaselineAdminNetworkPolicy. - properties: - egress: - description: |- - Egress is the list of Egress rules to be applied to the selected pods if - they are not matched by any AdminNetworkPolicy or NetworkPolicy rules. - A total of 100 Egress rules will be allowed in each BANP instance. 
- The relative precedence of egress rules within a single BANP object - will be determined by the order in which the rule is written. - Thus, a rule that appears at the top of the egress rules - would take the highest precedence. - BANPs with no egress rules do not affect egress traffic. - - - Support: Core - items: - description: |- - BaselineAdminNetworkPolicyEgressRule describes an action to take on a particular - set of traffic originating from pods selected by a BaselineAdminNetworkPolicy's - Subject field. - - properties: - action: - description: |- - Action specifies the effect this rule will have on matching traffic. - Currently the following actions are supported: - Allow: allows the selected traffic - Deny: denies the selected traffic - - - Support: Core - enum: - - Allow - - Deny - type: string - name: - description: |- - Name is an identifier for this rule, that may be no more than 100 characters - in length. This field should be used by the implementation to help - improve observability, readability and error-reporting for any applied - BaselineAdminNetworkPolicies. - - - Support: Core - maxLength: 100 - type: string - ports: - description: |- - Ports allows for matching traffic based on port and protocols. - This field is a list of destination ports for the outgoing egress traffic. - If Ports is not set then the rule does not filter traffic via port. - items: - description: |- - AdminNetworkPolicyPort describes how to select network ports on pod(s). - Exactly one field must be set. - maxProperties: 1 - minProperties: 1 - properties: - namedPort: - description: |- - NamedPort selects a port on a pod(s) based on name. - - - Support: Extended - - - - type: string - portNumber: - description: |- - Port selects a port on a pod(s) based on number. - - - Support: Core - properties: - port: - description: |- - Number defines a network port value. 
- - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - required: - - port - - protocol - type: object - portRange: - description: |- - PortRange selects a port range on a pod(s) based on provided start and end - values. - - - Support: Core - properties: - end: - description: |- - End defines a network port that is the end of a port range, the End value - must be greater than Start. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - start: - description: |- - Start defines a network port that is the start of a port range, the Start - value must be less than End. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - end - - start - type: object - type: object - maxItems: 100 - type: array - to: - description: |- - To is the list of destinations whose traffic this rule applies to. - If any AdminNetworkPolicyEgressPeer matches the destination of outgoing - traffic then the specified action is applied. - This field must be defined and contain at least one item. - - - Support: Core - items: - description: |- - AdminNetworkPolicyEgressPeer defines a peer to allow traffic to. - Exactly one of the selector pointers must be set for a given peer. If a - consumer observes none of its fields are set, they must assume an unknown - option has been specified and fail closed. - maxProperties: 1 - minProperties: 1 - properties: - namespaces: - description: |- - Namespaces defines a way to select all pods within a set of Namespaces. 
- Note that host-networked pods are not included in this type of peer. - - - Support: Core - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - networks: - description: |- - Networks defines a way to select peers via CIDR blocks. - This is intended for representing entities that live outside the cluster, - which can't be selected by pods, namespaces and nodes peers, but note - that cluster-internal traffic will be checked against the rule as - well. So if you Allow or Deny traffic to `"0.0.0.0/0"`, that will allow - or deny all IPv4 pod-to-pod traffic as well. If you don't want that, - add a rule that Passes all pod traffic before the Networks rule. 
- - - Each item in Networks should be provided in the CIDR format and should be - IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - - - Networks can have upto 25 CIDRs specified. - - - Support: Extended - - - - items: - description: |- - CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). - This string must be validated by implementations using net.ParseCIDR - TODO: Introduce CEL CIDR validation regex isCIDR() in Kube 1.31 when it is available. - maxLength: 43 - type: string - x-kubernetes-validations: - - message: - CIDR must be either an IPv4 or IPv6 address. - IPv4 address embedded in IPv6 addresses are not - supported - rule: self.contains(':') != self.contains('.') - maxItems: 25 - minItems: 1 - type: array - x-kubernetes-list-type: set - nodes: - description: |- - Nodes defines a way to select a set of nodes in - the cluster. This field follows standard label selector - semantics; if present but empty, it selects all Nodes. - - - Support: Extended - - - - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - pods: - description: |- - Pods defines a way to select a set of pods in - a set of namespaces. Note that host-networked pods - are not included in this type of peer. - - - Support: Core - properties: - namespaceSelector: - description: |- - NamespaceSelector follows standard label selector semantics; if empty, - it selects all Namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - description: |- - PodSelector is used to explicitly select pods within a namespace; if empty, - it selects all Pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - required: - - namespaceSelector - - podSelector - type: object - type: object - maxItems: 100 - minItems: 1 - type: array - required: - - action - - to - type: object - x-kubernetes-validations: - - message: - networks/nodes peer cannot be set with namedPorts since - there are no namedPorts for networks/nodes - rule: - "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) - && has(self.ports) && self.ports.exists(port, has(port.namedPort)))" - maxItems: 100 - type: array - ingress: - description: |- - Ingress is the list of Ingress rules to be applied to the selected pods - if they are not matched by any AdminNetworkPolicy or NetworkPolicy rules. - A total of 100 Ingress rules will be allowed in each BANP instance. - The relative precedence of ingress rules within a single BANP object - will be determined by the order in which the rule is written. - Thus, a rule that appears at the top of the ingress rules - would take the highest precedence. - BANPs with no ingress rules do not affect ingress traffic. - - - Support: Core - items: - description: |- - BaselineAdminNetworkPolicyIngressRule describes an action to take on a particular - set of traffic destined for pods selected by a BaselineAdminNetworkPolicy's - Subject field. - properties: - action: - description: |- - Action specifies the effect this rule will have on matching traffic. - Currently the following actions are supported: - Allow: allows the selected traffic - Deny: denies the selected traffic - - - Support: Core - enum: - - Allow - - Deny - type: string - from: - description: |- - From is the list of sources whose traffic this rule applies to. - If any AdminNetworkPolicyIngressPeer matches the source of incoming - traffic then the specified action is applied. - This field must be defined and contain at least one item. 
- - - Support: Core - items: - description: |- - AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from. - Exactly one of the selector pointers must be set for a given peer. If a - consumer observes none of its fields are set, they must assume an unknown - option has been specified and fail closed. - maxProperties: 1 - minProperties: 1 - properties: - namespaces: - description: |- - Namespaces defines a way to select all pods within a set of Namespaces. - Note that host-networked pods are not included in this type of peer. - - - Support: Core - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - pods: - description: |- - Pods defines a way to select a set of pods in - a set of namespaces. Note that host-networked pods - are not included in this type of peer. - - - Support: Core - properties: - namespaceSelector: - description: |- - NamespaceSelector follows standard label selector semantics; if empty, - it selects all Namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - description: |- - PodSelector is used to explicitly select pods within a namespace; if empty, - it selects all Pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. 
The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - namespaceSelector - - podSelector - type: object - type: object - maxItems: 100 - minItems: 1 - type: array - name: - description: |- - Name is an identifier for this rule, that may be no more than 100 characters - in length. This field should be used by the implementation to help - improve observability, readability and error-reporting for any applied - BaselineAdminNetworkPolicies. - - - Support: Core - maxLength: 100 - type: string - ports: - description: |- - Ports allows for matching traffic based on port and protocols. - This field is a list of ports which should be matched on - the pods selected for this policy i.e the subject of the policy. - So it matches on the destination port for the ingress traffic. 
- If Ports is not set then the rule does not filter traffic via port. - - - Support: Core - items: - description: |- - AdminNetworkPolicyPort describes how to select network ports on pod(s). - Exactly one field must be set. - maxProperties: 1 - minProperties: 1 - properties: - namedPort: - description: |- - NamedPort selects a port on a pod(s) based on name. - - - Support: Extended - - - - type: string - portNumber: - description: |- - Port selects a port on a pod(s) based on number. - - - Support: Core - properties: - port: - description: |- - Number defines a network port value. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - required: - - port - - protocol - type: object - portRange: - description: |- - PortRange selects a port range on a pod(s) based on provided start and end - values. - - - Support: Core - properties: - end: - description: |- - End defines a network port that is the end of a port range, the End value - must be greater than Start. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must - match. If not specified, this field defaults to TCP. - - - Support: Core - type: string - start: - description: |- - Start defines a network port that is the start of a port range, the Start - value must be less than End. - - - Support: Core - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - end - - start - type: object - type: object - maxItems: 100 - type: array - required: - - action - - from - type: object - maxItems: 100 - type: array - subject: - description: |- - Subject defines the pods to which this BaselineAdminNetworkPolicy applies. 
- Note that host-networked pods are not included in subject selection. - - - Support: Core - maxProperties: 1 - minProperties: 1 - properties: - namespaces: - description: Namespaces is used to select pods via namespace selectors. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - pods: - description: - Pods is used to select pods via namespace AND pod - selectors. - properties: - namespaceSelector: - description: |- - NamespaceSelector follows standard label selector semantics; if empty, - it selects all Namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelector: - description: |- - PodSelector is used to explicitly select pods within a namespace; if empty, - it selects all Pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. 
If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - namespaceSelector - - podSelector - type: object - type: object - required: - - subject - type: object - status: - description: Status is the status to be reported by the implementation. - properties: - conditions: - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. 
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - conditions - type: object - required: - - metadata - - spec - type: object - x-kubernetes-validations: - - message: - Only one baseline admin network policy with metadata.name="default" - can be created in the cluster - rule: self.metadata.name == 'default' - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/libcalico-go/config/crd/usage.tigera.io_licenseusagereports.yaml b/libcalico-go/config/crd/usage.tigera.io_licenseusagereports.yaml deleted file mode 100644 index 8438b17..0000000 --- a/libcalico-go/config/crd/usage.tigera.io_licenseusagereports.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: licenseusagereports.usage.tigera.io -spec: - group: usage.tigera.io - names: - kind: LicenseUsageReport - listKind: LicenseUsageReportList - plural: licenseusagereports - singular: licenseusagereport - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - hmac: - type: string - reportData: - type: string - required: - - hmac - - reportData - type: object - required: - - metadata - - spec - type: object - served: true - storage: true From c6ef1de490d0f92ab612fc22b1c57a1144acf9e7 Mon Sep 17 00:00:00 2001 
From: Casey Davenport Date: Tue, 3 Mar 2026 13:56:36 -0800 Subject: [PATCH 3/5] Revert "Add kind-single.config for unit tests" This reverts commit 1b5b104517897d74367c1d009c1740d435a047b0. --- hack/test/kind/kind-single.config | 40 ------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 hack/test/kind/kind-single.config diff --git a/hack/test/kind/kind-single.config b/hack/test/kind/kind-single.config deleted file mode 100644 index 46d9e3d..0000000 --- a/hack/test/kind/kind-single.config +++ /dev/null @@ -1,40 +0,0 @@ -# Configuration for a local kind cluster that deploys a control plane node -# and nothing else - useful for tests which do not need real nodes and just need -# an apiserver, etc. -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -networking: - disableDefaultCNI: true - podSubnet: "192.168.0.0/16" - dnsSearch: [] - -nodes: -# For libcalico-go tests, we only need a control plane node. -- role: control-plane - extraPortMappings: - - containerPort: 8080 - hostPort: 8080 - -featureGates: - "MutatingAdmissionPolicy": true - -runtimeConfig: - "admissionregistration.k8s.io/v1beta1": "true" - -kubeadmConfigPatches: -- | - apiVersion: kubeadm.k8s.io/v1beta3 - kind: ClusterConfiguration - metadata: - name: config - controllerManager: - extraArgs: - cluster-cidr: "192.168.0.0/16" -- | - apiVersion: kubeproxy.config.k8s.io/v1alpha1 - kind: KubeProxyConfiguration - metadata: - name: config - mode: ipvs - conntrack: - maxPerCore: 0 From 0b5731602b46817314b8d142b2efb6b572137535 Mon Sep 17 00:00:00 2001 
From: Casey Davenport Date: Tue, 3 Mar 2026 14:20:18 -0800 Subject: [PATCH 4/5] Revert monorepo-only Makefile changes Restores the standalone ut target (no kind cluster dependency), removes CALICO_API_GROUP and KIND_CONFIG vars, removes CRD generation steps from gen-files. Adds deepcopy-gen for usage.tigera.io/v1 which is a new API type that needs to be generated standalone. --- Makefile | 33 +++++---------------------------- 1 file changed, 5 insertions(+), 28 deletions(-) diff --git a/Makefile b/Makefile index 402eda6..0828b4f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -# The tests in this directory use the projectcalico.org/v3 API group for CRDs. -CALICO_API_GROUP ?= projectcalico.org/v3 - # If ../metadata.mk exists, we're running this logic from within the calico repository. # If it does not, then we're in the api repo and we should use the local metadata.mk. ifneq ("$(wildcard ../metadata.mk)", "") @@ -15,7 +12,6 @@ LOCAL_CHECKS = lint-cache-dir check-copyright BINDIR ?= bin BUILD_DIR ?= build TOP_SRC_DIRS = pkg -KIND_CONFIG = $(KIND_DIR)/kind-single.config ############################################################################## # Download and include ../lib.Makefile before anything else @@ -39,14 +35,13 @@ DOCKER_RUN := mkdir -p ../.go-pkg-cache bin $(GOMOD_CACHE) && \ --net=host \ --init \ $(EXTRA_DOCKER_ARGS) \ - $(DOCKER_GIT_WORKTREE_ARGS) \ -e LOCAL_USER_ID=$(LOCAL_USER_ID) \ -e GOCACHE=/go-cache \ $(GOARCH_FLAGS) \ -e GOPATH=/go \ -e OS=$(BUILDOS) \ -e GOOS=$(BUILDOS) \ - -e "GOFLAGS=$(GOFLAGS)" \ + -e GOFLAGS=$(GOFLAGS) \ -v $(CURDIR):/go/src/$(PACKAGE_NAME):rw \ -v $(CURDIR)/../.go-pkg-cache:/go-cache:rw \ -w /go/src/$(PACKAGE_NAME) 
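Review bot: Removing the quotes in `-e GOFLAGS=$(GOFLAGS) \` lets the shell word-split the expanded value before `docker run` sees it. A GOFLAGS holding more than one flag would then pass everything after the first space to docker as separate arguments instead of into the container's environment, and an empty GOFLAGS leaves a bare `GOFLAGS=`. Keeping the old-side form `-e "GOFLAGS=$(GOFLAGS)" \` avoids both. The same hunk drops `$(DOCKER_GIT_WORKTREE_ARGS)`; where that variable is defined is not visible here, so it is worth confirming that builds from a git worktree still get the mounts they need. The DOCKER_RUN definition starts and ends outside this hunk.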
@@ -59,18 +54,6 @@ build: gen-files examples # Regenerate all files if the gen exes changed or any "types.go" files changed .PHONY: gen-files gen-files .generate_files: lint-cache-dir clean-generated - # Generate CRDs without descriptions - $(DOCKER_RUN) $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) controller-gen crd:allowDangerousTypes=true,crdVersions=v1,deprecatedV1beta1CompatibilityPreserveUnknownFields=false,maxDescLen=0 paths=./pkg/apis/... output:crd:dir=config/crd/' - # Remove the first yaml separator line. - $(DOCKER_RUN) $(CALICO_BUILD) sh -c 'find ./config/crd -name "*.yaml" | xargs sed -i 1d' - # Run prettier to fix indentation - docker run --rm --user $(id -u):$(id -g) -v $(CURDIR)/config/crd/:/work/config/crd/ tmknom/prettier --write --parser=yaml /work - # Patch in manual tweaks to the generated CRDs. - # - Add nullable to IPAM block allocations field to allow null values in the allocations array. - # - Remove the profiles CRD. Profiles are backed by Namespaces in Kubernetes and the CRD is not needed. - patch -p2 < patches/0001-Add-nullable-to-IPAM-block-allocations-field.patch - rm -f config/crd/projectcalico.org_profiles.yaml - # Generate defaults $(DOCKER_RUN) $(CALICO_BUILD) \ sh -c '$(GIT_CONFIG_SSH) defaulter-gen \ @@ -79,7 +62,6 @@ gen-files .generate_files: lint-cache-dir clean-generated --extra-peer-dirs "$(PACKAGE_NAME)/pkg/apis/projectcalico/v3" \ --output-file zz_generated.defaults.go \ "$(PACKAGE_NAME)/pkg/apis/projectcalico/v3"' - # Generate deep copies $(DOCKER_RUN) $(CALICO_BUILD) \ sh -c '$(GIT_CONFIG_SSH) deepcopy-gen \ 
@@ -160,14 +142,9 @@ WHAT?=. GINKGO_FOCUS?=.* .PHONY:ut -ut: kind-cluster-create - mkdir -p report - $(DOCKER_RUN) \ - --privileged \ - -e KUBECONFIG=/kubeconfig.yaml \ - -v $(KIND_KUBECONFIG):/kubeconfig.yaml \ - $(CALICO_BUILD) \ - sh -c 'cd /go/src/$(PACKAGE_NAME) && ginkgo -r --focus="$(GINKGO_FOCUS)" $(WHAT)' +ut: + $(DOCKER_RUN) --privileged $(CALICO_BUILD) \ + sh -c 'cd /go/src/$(PACKAGE_NAME) && ginkgo -r -focus="$(GINKGO_FOCUS)" $(WHAT)' ## Check if generated files are out of date .PHONY: check-generated-files @@ -184,4 +161,4 @@ check-generated-files: .generate_files ############################################################################### .PHONY: ci ## Run what CI runs -ci: clean check-generated-files static-checks build ut +ci: clean check-generated-files build ut static-checks From 0e7c4400406ae79411ecff4a044b61653ee7cd37 Mon Sep 17 00:00:00 2001 From: Casey Davenport Date: Tue, 3 Mar 2026 15:20:35 -0800 Subject: [PATCH 5/5] Remove bgpfilter_test.go, requires a kind cluster --- pkg/apis/projectcalico/v3/bgpfilter_test.go | 120 -------------------- 1 file changed, 120 deletions(-) delete mode 100644 pkg/apis/projectcalico/v3/bgpfilter_test.go diff --git a/pkg/apis/projectcalico/v3/bgpfilter_test.go b/pkg/apis/projectcalico/v3/bgpfilter_test.go deleted file mode 100644 index 214ff58..0000000 --- a/pkg/apis/projectcalico/v3/bgpfilter_test.go +++ /dev/null 
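Review bot: The restored `ut` recipe still starts the test container with `--privileged`, on top of the `--net=host` and read-write source mount that DOCKER_RUN already applies, even though the commit message says the target no longer depends on a kind cluster. If the remaining unit tests need no device or kernel access, the flag can go: `$(DOCKER_RUN) $(CALICO_BUILD) \`. If something does still need it, a one-line comment above the recipe, such as `# --privileged is required because <reason>`, would stop it from being carried along unexamined. Whether any test in `pkg` needs elevated privileges cannot be told from this hunk.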
@@ -1,120 +0,0 @@
-// Copyright (c) 2025 Tigera, Inc. All rights reserved.
-
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v3_test
-
-import (
- "context"
- "os"
- "testing"
-
- . "github.com/onsi/gomega"
- v3 "github.com/tigera/api/pkg/apis/projectcalico/v3"
- "github.com/tigera/api/pkg/client/clientset_generated/clientset"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/client-go/tools/clientcmd"
-)
-
-func setup(t *testing.T) (clientset.Interface, func()) {
- // Register gomega with test.
- RegisterTestingT(t)
-
- // Create a client.
- cfg, err := clientcmd.BuildConfigFromFlags("", os.Getenv("KUBECONFIG"))
- Expect(err).NotTo(HaveOccurred())
- c, err := clientset.NewForConfig(cfg)
- Expect(err).NotTo(HaveOccurred())
-
- return c, func() {}
-}
-
-func TestBGPFilterValidation(t *testing.T) {
- type bgpFilterTest struct {
- name string
- obj *v3.BGPFilter
- valid bool
- err string
- }
- tests := []bgpFilterTest{
- {
- name: "basic valid BGPFilter",
- obj: &v3.BGPFilter{
- ObjectMeta: metav1.ObjectMeta{Name: "valid-bgpfilter"},
- Spec: v3.BGPFilterSpec{ExportV4: []v3.BGPFilterRuleV4{{CIDR: "10.0.0.0/24", Action: v3.Accept}}},
- },
- valid: true,
- },
-
- {
- name: "invalid BGPFilter with bad action",
- obj: &v3.BGPFilter{
- ObjectMeta: metav1.ObjectMeta{Name: "invalid-bgpfilter"},
- Spec: v3.BGPFilterSpec{ExportV4: []v3.BGPFilterRuleV4{
- {CIDR: "10.0.0.0/24", Action: "InvalidAction"},
- }},
- },
- err: "spec.exportV4[0].action",
- valid: false,
- },
-
- {
- name: "invalid BGPFilter with bad CIDR",
- obj: &v3.BGPFilter{
- ObjectMeta: metav1.ObjectMeta{Name: "invalid-bgpfilter"},
- Spec: v3.BGPFilterSpec{ImportV4: []v3.BGPFilterRuleV4{
- {CIDR: "invalid-cidr", Action: v3.Accept},
- }},
- },
- err: "spec.importV4[0].cidr",
- valid: false,
- },
-
- {
- name: "invalid BGPFilter with matchOperator",
- obj: &v3.BGPFilter{
- ObjectMeta: metav1.ObjectMeta{Name: "invalid-bgpfilter"},
- Spec: v3.BGPFilterSpec{ExportV6: []v3.BGPFilterRuleV6{
- {CIDR: "fd00:1234:abcd::/64", MatchOperator: "InvalidOperator", Action: v3.Reject},
- }},
- },
- err: "spec.exportV6[0].matchOperator",
- valid: false,
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- c, cleanup := setup(t)
- defer cleanup()
-
- ctx := context.Background()
- g := NewGomegaWithT(t)
-
- // Try to create the BGPFilter object.
- created, err := c.ProjectcalicoV3().BGPFilters().Create(ctx, tt.obj, metav1.CreateOptions{})
- if tt.valid {
- defer func() {
- err := c.ProjectcalicoV3().BGPFilters().Delete(ctx, created.Name, metav1.DeleteOptions{})
- g.Expect(err).NotTo(HaveOccurred(), "Expected BGPFilter to be deleted")
- }()
- g.Expect(err).NotTo(HaveOccurred(), "Expected BGPFilter to be valid")
- } else {
- g.Expect(err).To(HaveOccurred(), "Expected BGPFilter to be invalid")
- if tt.err != "" {
- g.Expect(err.Error()).To(ContainSubstring(tt.err))
- }
- }
- })
- }
-}